blog.jak-linux.org
logr.cogley.info
Devs check out « @ProjectSigstore », a project that aims to ease adoption of cryptographic software signing and transparency, like what LetsEncrypt does for SSL certs. What goals does it have, what problems does it aim to solve? Reduce software supply chain risk; make maintainer key management easier; reduce software supply chain attacks such as build system compromises, malicious hashes, compromised keys, replay or freeze attacks. It is not quite there yet, but is one to watch.
snyk.io
On 29 March 2024, a prolonged and high-stakes campaign by a malicious actor to plant a backdoor in the Linux software library liblzma, in order to gain access to multiple operating systems via Linux distributions, was carried out.
www.nodejs-security.com
The XZ backdoor (CVE-2024-3094) already happened in JavaScript 5 years ago, but now the xz and liblzma malware bundled into Linux distributions is bringing forth a worldwide threatening event in cybersecurity that jeopardizes trust, sustainability and security in the open-source ecosystem.
washingtontechnology.com
White House and OMB initiatives are driving security concerns around open source because, while it is a powerful tool, it needs to be managed effectively...