#software-supply-chain — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #software-supply-chain, aggregated by home.social.
-
Το #OpenSource είναι παντού, αλλά η ψηφιακή μας υποδομή συχνά στηρίζεται σε έναν εξουθενωμένο maintainer. 🐘🛠️
Στο νέο άρθρο, αναλύω το "Trust-State Inversion", το GSD incident και το xz backdoor. Πώς μπορούμε να χτίσουμε μια πραγματική αγορά εμπιστοσύνης στην Ευρώπη με το επερχόμενο Cyber Resilience Act (#CRA);
Η λύση κρύβεται στη σωστή χρηματοδότηση και τα ανοιχτά πρότυπα.
👉 https://eiosifidis.blogspot.com/2026/07/open-source-trust-cra-ai-security.html
#Linux #Cybersecurity #openSUSE #InfoSec #SoftwareSupplyChain #TechSovereignty #Tech
-
We have released a new version for the first time in a long while. As well as the usual software updates, it includes our experience with agent-based code generation and securing the software supply chain: https://www.python4data.science/en/26.1.0/
#Python #DataScience #AgenticCoding #Claude #SoftwareEngineering #SoftwareSupplyChain #SupplyChain -
Recent attacks on TanStack, Axios, Nx Console, and DAEMON Tools reveal why code signing and software provenance prove origin, not safety. https://hackernoon.com/your-software-supply-chain-only-proves-where-code-came-from-not-whether-its-safe #softwaresupplychain
-
Three open-source AI agent skill managers have each reached 2,000 GitHub stars in months. Problem: skills are natural-language instructions agents execute with full file and shell access. Only one of the three scans skill files for attacks before use. That's a supply-chain gap worth watching. https://www.implicator.ai/ai-agent-skill-managers-are-a-supply-chain-surface-most-of-them-dont-guard/ #infosec #AI #softwaresupplychain
-
#RedHat: More than 30 #npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack to steal developer credentials including GitHub secrets, AWS/Azure/GCP credentials, npm & PYPI tokens:
#SoftwareSupplyChain
👇
https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/ -
When I introduce someone to Asfaload's solution, I noticed the discussion often follows the same script. That led me to write it down in a post. Take look if you want to understand what Asfaload does and how: https://www.asfaload.com/blog/asfaload-intro/
#buildinpublic #security #softwaresupplychain