Bob Callaway (@rdcallaw) 's Twitter Profile
Bob Callaway

@rdcallaw

OSS Supply Chain Security @google. @projectsigstore @theopenssf Technical Advisory Council - Ex-Red Hat, NetApp, IBM. PhD ECE NCSU.

ID: 144962898

Joined: 17-05-2010 19:40:36

499 Tweets

680 Followers

129 Following

sigstore (@projectsigstore)

ā° Reminder folks, the CFP deadline is Sept 13, please submit your talks before then! events.linuxfoundation.org/sigstorecon-su…

sigstore (@projectsigstore)

Announcing the schedule for SigstoreCon: Supply Chain Day! We're looking forward to talks on Sigstore development, package registry security, SBOMs, TUF, and more! Register now for Nov 12, co-located with Kubecon NA in Salt Lake City events.linuxfoundation.org/sigstorecon-su…

OpenSSF (@openssf)

🚨 The SigstoreCon agenda is live! Join us at KubeCon NA 2024 in Salt Lake City for deep dives into digital artifact signing, Sigstore, SLSA, TUF & more. Don't miss insights on the latest in supply chain security. events.linuxfoundation.org/sigstorecon-su… #SigstoreCon #OSSSecurity

OpenSSF (@openssf)

🚀 Showcase your brand at #SigstoreCon: Supply Chain Day! Join us to support the future of digital artifact signing & supply chain security.
🔗 Explore options: events.linuxfoundation.org/sigstorecon-su…

sigstore (@projectsigstore)

Join us at SigstoreCon: Supply Chain Day on Nov 12, co-located with KubeCon NA in SLC! Registration includes a day of engaging talks, lunch, and swag! events.linuxfoundation.org/sigstorecon-su…

Trail of Bits (@trailofbits)

ToB's Artur Cygan found code execution and DoS bugs after just a few hours of fuzzing ZBar, an open-source library for reading barcodes. tl;dr basic fuzz testing can reveal serious bugs - even in widely used software. blog.trailofbits.com/2024/10/31/fuz…

Oliver Chang (@halbecaf)

New blog post about OSS-Fuzz AI-powered fuzzing is live! We talk about what went into making LLMs work well enough for this use case to find 26 new vulnerabilities (including a CVE in OpenSSL), as well as what else we have planned to make this better. security.googleblog.com/2024/11/leveli…

Heather Adkins - Ꜻ - Spes consilium non est (@argvee)

On the heels of Google’s ‘Big Sleep’ AI discovery of a real-world vulnerability, our OSS-Fuzz team identified and reported 26 vulnerabilities to open-source project maintainers by using AI-generated and enhanced fuzz targets. Read more here: security.googleblog.com/2024/11/leveli…

Oliver Chang (@halbecaf)

Happy new year! OSV had a lot of great progress in 2024, from new ecosystem adoption, API improvements, and scanner feature development! We just published a blog about these and our 2025 plans here: osv.dev/blog/posts/202… !

Bob Callaway (@rdcallaw)

cloud.google.com/blog/products/… Awesome blog on how we’re using SLSA to make GKE more secure for our customers!

Oliver Chang (@halbecaf)

OSV-Scanner has just released the first beta for V2, a major update that includes significant new features, including layer-aware container scanning, remediation for pom.xml, new HTML output and more. osv.dev/blog/posts/osv… Please try it out and give us feedback!

OpenSSF (@openssf)

🚀 The Alpha-Omega project has published its 2024 annual report!

With $6M in grants, Alpha-Omega helped staff security teams, fund audits, and strengthen critical #opensource projects—shaping a more secure and sustainable ecosystem.

📖 hubs.la/Q034J9HY0

OpenSSF (@openssf)

📣 Announcing v1.0 of the model-signing project, developed by the #OpenSSF AI/ML WG! This project enables signing + verifying ML models of any size/format using #sigstore, self-signed certs, or key pairs. Read the blog to learn more & get involved: openssf.org/blog/2025/04/0…

Mihai Maruseac (@mihaimaruseac)

Yesterday we launched v1.0 of the model signing library, taming the wild west of model formats and deserialization vulnerabilities. You can read more about why this is needed and why we picked Sigstore as the main signing method at security.googleblog.com/2025/04/taming…
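Added example, not code from the model-signing project or from the authors of the two posts above: a Go sketch of the format-agnostic approach those posts describe. Instead of parsing the model (which is where the deserialization bugs live), it digests every file under a model directory into a manifest, signs only the canonical manifest with an ECDSA key pair (the "key pairs" option the announcement mentions; the Sigstore path would bind a short-lived certificate to an OIDC identity and log the signature instead), and verifies the files on disk against the signed manifest before anything is loaded. The function names, the manifest encoding and the sample model files are assumptions made for this illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
	"strings"
)

// Manifest maps each file's slash-separated relative path to its SHA-256 hex digest.
// Only the manifest is signed, so the model's serialization format never matters
// and no model file is parsed before its integrity has been checked.
type Manifest map[string]string

// BuildManifest walks modelDir and digests every regular file it contains.
func BuildManifest(modelDir string) (Manifest, error) {
	m := Manifest{}
	err := filepath.WalkDir(modelDir, func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() {
			return nil
		}
		rel, err := filepath.Rel(modelDir, p)
		if err != nil {
			return err
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		sum := sha256.Sum256(data)
		m[filepath.ToSlash(rel)] = hex.EncodeToString(sum[:])
		return nil
	})
	return m, err
}

// Canonical serializes the manifest deterministically (sorted paths, one
// "digest path" entry per line) so signer and verifier hash identical bytes.
func (m Manifest) Canonical() []byte {
	paths := make([]string, 0, len(m))
	for p := range m {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	var b strings.Builder
	for _, p := range paths {
		fmt.Fprintf(&b, "%s %s\n", m[p], p)
	}
	return []byte(b.String())
}

// Sign signs the SHA-256 of the canonical manifest with an ECDSA P-256 key
// (assumed key-pair flow; a Sigstore signer would return a bundle instead).
func Sign(priv *ecdsa.PrivateKey, m Manifest) ([]byte, error) {
	digest := sha256.Sum256(m.Canonical())
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify checks the signature over the shipped manifest, then rebuilds a manifest
// from disk and compares: any added, removed or modified file changes the
// canonical bytes and fails verification. Swapping both files and manifest
// fails the signature check instead.
func Verify(pub *ecdsa.PublicKey, signed Manifest, sig []byte, modelDir string) error {
	digest := sha256.Sum256(signed.Canonical())
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("manifest signature invalid")
	}
	onDisk, err := BuildManifest(modelDir)
	if err != nil {
		return err
	}
	if string(onDisk.Canonical()) != string(signed.Canonical()) {
		return errors.New("model files do not match signed manifest")
	}
	return nil
}

func main() {
	dir, _ := os.MkdirTemp("", "model")
	defer os.RemoveAll(dir)
	// Constructed stand-in for a model directory: a config file plus weights.
	os.WriteFile(filepath.Join(dir, "config.json"), []byte(`{"arch":"toy"}`), 0o600)
	os.WriteFile(filepath.Join(dir, "model.safetensors"), []byte("weights"), 0o600)

	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	m, _ := BuildManifest(dir)
	sig, _ := Sign(priv, m)
	fmt.Println("pristine:", Verify(&priv.PublicKey, m, sig, dir))

	// Tamper with the weights after signing: verification must now fail.
	os.WriteFile(filepath.Join(dir, "model.safetensors"), []byte("backdoored"), 0o600)
	fmt.Println("tampered:", Verify(&priv.PublicKey, m, sig, dir))
}
```

The design point is that the verifier never opens the model with a model-format parser; it only reads bytes and hashes them, so a malicious pickle or a crafted tensor header is rejected before any deserializer runs. Large models would additionally shard each file into fixed-size chunks and hash those in parallel, which changes only how the manifest entries are produced, not what gets signed.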

Ryan Hurst (@rmhrisk)

Excellent post on how confidential computing is being used with the transparency.dev witness ecosystem. blog.transparency.dev/hardening-witn…

Mihai Maruseac (@mihaimaruseac)

I was pleasantly surprised to see model signing presented in the first 5 slides of the conference. And then the A2A talk raised the stakes: we need to sign the agent cards. My thesis: we can do the same with the same model signing solution

OpenSSF (@openssf)

Tom Hennen from Google shares how the new #SLSA Source Track helps reduce the risk of source tampering—bringing stronger guarantees to code integrity and auditability. Learn how to protect your repo from attacks like PHP and xz. #OSSummit #OpenSSF #SupplyChainSecurity
