home.social

#software-supply-chain — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #software-supply-chain, aggregated by home.social.

fetched live
  1. Το είναι παντού, αλλά η ψηφιακή μας υποδομή συχνά στηρίζεται σε έναν εξουθενωμένο maintainer. 🐘🛠️

    Στο νέο άρθρο, αναλύω το "Trust-State Inversion", το GSD incident και το xz backdoor. Πώς μπορούμε να χτίσουμε μια πραγματική αγορά εμπιστοσύνης στην Ευρώπη με το επερχόμενο Cyber Resilience Act (#CRA);

    Η λύση κρύβεται στη σωστή χρηματοδότηση και τα ανοιχτά πρότυπα.

    👉 eiosifidis.blogspot.com/2026/0

  2. We have released a new version for the first time in a long while. As well as the usual software updates, it includes our experience with agent-based code generation and securing the software supply chain: python4data.science/en/26.1.0/
    #Python #DataScience #AgenticCoding #Claude #SoftwareEngineering #SoftwareSupplyChain #SupplyChain

  3. Recent attacks on TanStack, Axios, Nx Console, and DAEMON Tools reveal why code signing and software provenance prove origin, not safety. hackernoon.com/your-software-s #softwaresupplychain

  4. Three open-source AI agent skill managers have each reached 2,000 GitHub stars in months. Problem: skills are natural-language instructions agents execute with full file and shell access. Only one of the three scans skill files for attacks before use. That's a supply-chain gap worth watching. implicator.ai/ai-agent-skill-m #infosec #AI #softwaresupplychain

  5. #RedHat: More than 30 #npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack to steal developer credentials including GitHub secrets, AWS/Azure/GCP credentials, npm & PYPI tokens:
    #SoftwareSupplyChain
    👇
    bleepingcomputer.com/news/secu

  6. When I introduce someone to Asfaload's solution, I noticed the discussion often follows the same script. That led me to write it down in a post. Take look if you want to understand what Asfaload does and how: asfaload.com/blog/asfaload-int
    #buildinpublic #security #softwaresupplychain