vmbrasseur, 1 month ago to opensource

Reviewing some content in this ante-penultimate (!!!) chapter of _Business Success with #OpenSource _ and suspect I may have been in an "I'm sick of this crap" mood when I wrote this.

Definitely keeping it in the book.

https://fossbiz.com

#licensing #SoftwareSupplyChain #REUSE

vmbrasseur, 1 month ago to opensource

I'll be in Seattle next week (Apr 15-18). Have questions about how your company uses/releases #OpenSource, about it's #SoftwareSupplyChain management, or about its overall #Strategy/positioning?

Let's talk. I'm now scheduling free advice sessions. Grab your time here: https://calendly.com/vmbrasseur/ossna-2024-seattle-meetup

boosts appreciated!

underlap, 1 month ago to random

Given the news of the xz backdoor, may I recommend this seminal paper from Ken Thompson's 1984 Turing Award lecture showing how a compiler with no backdoors in the source code can nevertheless propagate a backdoor.

Reflections on trusting trust | the morning paper
https://blog.acolyer.org/2016/09/09/reflections-on-trusting-trust/

#SecureSoftwareSupplyChain #SoftwareSupplyChain #XZBackdoor

Anachron, 1 month ago to random German

Holy canneloni, the #xz/ #liblzma issue seems to be around one year in the making.

I guess we really need a way how to prevent new people from doing harm to #oss.

https://news.ycombinator.com/item?id=39866936

sebastian, 5 months ago to php

PHPUnit 8.5.35, PHPUnit 9.6.14, and PHPUnit 10.5.0 are the first versions of PHPUnit where composer.lock is under version control and part of the (signed, of course) release tag.

The PHAR binary of PHPUnit now has a --composer-lock CLI option that prints the composer.lock that was used to build the PHAR.

Making the build of PHPUnit's PHAR reproducible is another step towards a more secure #PHP #SoftwareSupplyChain.

#R13Y #ReproducibleBuilds

fosslife, 7 months ago to security

Did you miss anything from FOSSlife this week? Check out FOSSlife Weekly and subscribe free to get it every week https://app.moosend.com/show_campaign/3a686f9d-32f3-4b5b-b34d-acfa5f51880a #SoftwareSupplyChain #security #Linux #Vulnerability #DataCenter #climate #DDoS #OpenStack #Bobcat #Python #jobs #events #seagl2023

fosslife, 7 months ago to security

Sonatype's 9th annual State of the Software Supply Chain report shows a rise in attacks https://www.fosslife.org/open-source-software-supply-chain-attacks-rise #security #SoftwareSupplyChain #Sonatype #OpenSource #research #FOSS

BishopFox, 7 months ago to Cybersecurity

Be proactive about your #softwaresupplychain security. A well-planned #cybersecurity strategy can prevent costly breaches before they happen. Check out our write-up for more info. https://bfx.social/3r6wqzl

#offensivesecurity #supplychain

fosslife, 8 months ago to security

New roadmap for open source security released by the Cybersecurity & Infrastructure Security Agency https://www.fosslife.org/cisa-lays-out-roadmap-open-source-software-security #security #CISA #OpenSource #SoftwareSupplyChain #Log4j #FOSS

fosslife, 8 months ago to opensource

Open Source Consumption Manifesto released by @openssf https://www.fosslife.org/openssf-creates-manifesto-consumption-open-source-software #OSCM #OpenSSF #OpenSource #guidelines #SoftwareDevelopment #SoftwareSupplyChain #FOSS #vulnerabilities #policy #security

fosslife, 1 year ago to random

New hybrid data center and security management platform announced by CIQ https://www.fosslife.org/ciq-releases-new-software-security-management-platform #CIQ #CIQMountain #SystemAdministration #DevOps #security #SoftwareSupplyChain

fosslife, 1 year ago to random

New cheat sheet from @SynopsysAppsec offers tips for creating an effective SBOM https://www.fosslife.org/tips-creating-effective-sbom #security #SBOM #tools #SoftwareSupplyChain #SoftwareDevelopment

fosslife, 1 year ago to programming

Assured Open Source Software service from Google now available at no cost https://www.fosslife.org/googles-assured-oss-service-now-available-free #Python #Google #Java #security #SoftwareSupplyChain #OSS #AssuredOSS