Tag: supply chain security

Here you will find all the articles with the tag: supply chain security.

Tidelift shields organizations from the risks of open source

Tidelift shields organizations from the risks of open source

Tidelift has added new capabilities to its Tidelift Subscription. The newly expanded package allows organizations to assess the security of open-source software. Thanks to thousands of collaborations with open-source projects, the company contributes to the reliability of IT environments. Tideli... Read more

date6 months ago
CNCF’s Notary and Notation get first full release

CNCF’s Notary and Notation get first full release

The Cloud Native Computing Foundation's (CNCF) Notary Project and Notation Project standardization projects for supply chain security have received a major update with version 1.0.0, marking their first full release. The Notary Projects and its derivative Notation are two development projects fo... Read more

date8 months ago
EU will expand its cooperation with Japan on chip supply

EU will expand its cooperation with Japan on chip supply

The European Union is seeking to reduce its reliance on China for semiconductors. It hopes to find a suitable partner in Japan and is rolling out plans to boost cooperation. This week the European Union announced that it will will deepen its ties with Japan on semiconductors. Thierry Breton, the... Read more

date9 months ago
OpenSSF strengthens supply chain security with SLSA 1.0

OpenSSF strengthens supply chain security with SLSA 1.0

SLSA 1.0 is intended to provide a standard language for software supply chain security. The project is at an important milestone in software development security with its first stable version, according to OpenSSF. The Open Source Security Foundation (OpenSSF) was launched in 2020 by the Linux F... Read more

date12 months ago
Nearly all companies have misconfigurations in cloud environments

Nearly all companies have misconfigurations in cloud environments

Nearly all organizations (98.6 percent) are experiencing worrisome misconfigurations that pose significant risks to data and infrastructure. According to research by Zscaler, the increasing use of cloud technology is leading to more and more vulnerability problems. In the study, Zscaler finds th... Read more

date1 year ago
Sigstore launches free software signing service

Sigstore launches free software signing service

The open-source technology allows users to verify the reliability of software components. Sigstore is used by the developers of giant projects like Kubernetes and Python. The free technology was recently made generally available. Software supply chain security is a growing problem. Vulnerabilit... Read more

date1 year ago
1 2