Tag: supply chains

  • NCSC Feed: A decade of Cyber Essentials: the journey towards a safer digital future

    Source URL: https://www.ncsc.gov.uk/blog-post/cyber-essentials-decade Source: NCSC Feed Title: A decade of Cyber Essentials: the journey towards a safer digital future Feedly Summary: The 10-year anniversary of Cyber Essentials is not just a celebration of past achievements but a call to action for the future. AI Summary and Description: Yes Summary: The text highlights the 10th anniversary…

  • Hacker News: Attestations: A new generation of signatures on PyPI

    Source URL: https://blog.trailofbits.com/2024/11/14/attestations-a-new-generation-of-signatures-on-pypi/ Source: Hacker News Title: Attestations: A new generation of signatures on PyPI Feedly Summary: Comments AI Summary and Description: Yes Summary: The announcement discusses a new security feature on the Python Package Index (PyPI): index-hosted digital attestations based on PEP 740. This feature enhances package provenance and security by integrating with Trusted…

  • Hacker News: Are We PEP740 Yet?

    Source URL: https://trailofbits.github.io/are-we-pep740-yet/ Source: Hacker News Title: Are We PEP740 Yet? Feedly Summary: Comments AI Summary and Description: Yes **Summary:** PEP 740 introduces a standard for cryptographically verifiable attestations for Python packages, ensuring better security and provenance verification through digital signatures. This initiative utilizes Sigstore technology and highlights the significance of trusted identities in safeguarding…

  • Simon Willison’s Weblog: PyPI now supports digital attestations

    Source URL: https://simonwillison.net/2024/Nov/14/pypi-digital-attestations/#atom-everything Source: Simon Willison’s Weblog Title: PyPI now supports digital attestations Feedly Summary: PyPI now supports digital attestations Dustin Ingram: PyPI package maintainers can now publish signed digital attestations when publishing, in order to further increase trust in the supply-chain security of their projects. Additionally, a new API is available for consumers and…

  • Hacker News: PyPI now supports digital attestations

    Source URL: https://blog.pypi.org/posts/2024-11-14-pypi-now-supports-digital-attestations/ Source: Hacker News Title: PyPI now supports digital attestations Feedly Summary: Comments AI Summary and Description: Yes Summary: PyPI has introduced support for digital attestations, enhancing supply-chain security for Python package maintainers. This update, part of PEP 740, allows maintainers to publish signed attestations associated with their projects, ensuring higher trust and…

  • Anchore: 2024 Software Supply Chain Security Report

    Source URL: https://anchore.com/reports/2024-software-supply-chain-security-report/ Source: Anchore Title: 2024 Software Supply Chain Security Report Feedly Summary: The post 2024 Software Supply Chain Security Report appeared first on Anchore. AI Summary and Description: Yes Summary: The text discusses the findings from the 2024 Software Supply Chain Security Report, emphasizing the heightened importance of securing software supply chains amidst…

  • Docker: Learn How to Optimize Docker Hub Costs With Our Usage Dashboards

    Source URL: https://www.docker.com/blog/hubdashboards/ Source: Docker Title: Learn How to Optimize Docker Hub Costs With Our Usage Dashboards Feedly Summary: Customers can now manage their resource usage effectively by tracking their consumption with new metering tools. By gaining a clearer understanding of their usage, customers can identify patterns and trends, helping them maximize the value of…

  • The Register: ‘Cybersecurity issue’ at Food Lion parent blamed for US grocery mayhem

    Source URL: https://www.theregister.com/2024/11/12/ahold_delhaize_cybersecurity_issue_blamed/ Source: The Register Title: ‘Cybersecurity issue’ at Food Lion parent blamed for US grocery mayhem Feedly Summary: Stores still open, but customers report delayed deliveries, invoicing issues, and more at Stop & Shop and others Retail giant Ahold Delhaize, which owns Food Lion and Stop & Shop, among others, is confirming outages…

  • The Register: TSMC halts advanced chip shipments to Chinese AI companies

    Source URL: https://www.theregister.com/2024/11/08/tsmc_chinese_ai_shipments/ Source: The Register Title: TSMC halts advanced chip shipments to Chinese AI companies Feedly Summary: Move to suspend 7 nm and smaller processes follows US pressure Semiconductor giant TSMC is expected to stop supplying chips made with 7 nm or smaller processes to customers in China that are developing AI processors or…

  • Anchore: Anchore Survey 2024: Only 1 in 5 organizations have full visibility of open source

    Source URL: https://anchore.com/blog/anchore-survey-2024-only-1-in-5-organizations-have-full-visibility-of-open-source/ Source: Anchore Title: Anchore Survey 2024: Only 1 in 5 organizations have full visibility of open source Feedly Summary: The Anchore 2024 Software Supply Chain Security Report is now available. This report provides a unique set of insights into the experiences and practices of over 100 organizations that are the targets of…