puerco (@puerco)'s Twitter Profile

Adolfo García Veytia / Technical Lead @Kubernetesio SIG Release / Staff Software Engineer @StackLokHQ / historian / WorldCyclist / fmr @chainguard_dev @uservers

ID: 3387071

Link: https://hachyderm.io/@puerco | Date: 04-04-2007 03:04:19

7,7K Tweet

2,2K Followers

1,1K Following

Stefan Prodan (@stefanprodan)

We are now publishing VEX documents for the enterprise distribution of Flux Project with the CVEs that do not affect the Flux controllers. github.com/controlplaneio… Thanks OpenSSF for making maintainer's life easier with OpenVEX and vexctl 🤗

OpenSSF (@openssf)

🎙️ New episode: "What’s in the SOSS?" CRob chats with Adolfo García Veytia (puerco) about the fascinating world of Software Bills of Materials (SBOMs) and VEX. Discussion on #SBOM standards, VEX's role in reducing false positives, and much more! 🚀 hubs.la/Q02Cd0040

Kube Cuddle (@kubecuddlepod)

Kube Cuddle is back :) There's a new episode with puerco where we talk about the time he wrote a container orchestrator in PHP, supply chain security, and other topics. Search for Kube Cuddle in your podcast app or you can listen at this link: share.transistor.fm/s/da8c537e

puerco (@puerco)

Join me and Crob -one of my favorite people in the world- in this fun conversation hosted by @ooenssf where we chat about the transparent software supply chain, #SBOM, #VEX and why knowing what's in the sausage is critical to play it safe! Honk! 🪿

Stacklok (@stacklokhq)

Staff Engineer puerco delivering the final keynote today at #CNSCon on the OpenVEX project, which provides a standardized way to communicate about the exploitability of vulnerabilities (and works with SPDX or CycloneDX SBOM Spec (OWASP) SBOMs). #appsec

puerco (@puerco)

Next Tuesday join me and Stacey Potter to kick off our new series of fun conversations about the software supply chain! For our first episode, we managed to convince Luke Hinds to be our test subject (sorry Luke!) Send your questions and don't forget to Bring Your Own Tacos!

puerco (@puerco)

Muscle memory from years of working with certs means that 99% of the time I'll type OpenSSL Corporation when I really mean OpenSSF. Computering is hard. /honk

Stacklok (@stacklokhq)

On our last Securi-Taco Tuesday puerco welcomed Bob Callaway & Hayden from Google's Open Source Security Team (GOSST) on to chat about how code signing and sigstore secure the software supply chain. Read the recap & watch the replay here: stacklok.com/blog/securi-ta…

Stacklok (@stacklokhq)

Join puerco & Stacey Potter for another #SecuriTacoTuesday livestream on Sep. 17! Bring your tacos as we dive into #SecureAttestations and the in-toto framework! youtube.com/watch?v=nS3DCj…

Antonio Ojea (@itsuugo)

Offloading the work to the community is not the solution, maybe companies need to revisit their engagement with OSS, and think that if they want community then they need to invest in them, adding people and resources

Mihai Maruseac (@mihaimaruseac)

This is why you need to back checkpoints during training, and only start training runs after validating integrity of checkpoint, source, data, pre-trained model, etc. Yes, this applies even if all the work is internal, small lab or big one