#ssdf — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #ssdf, aggregated by home.social.
-
Wind River Achieves SSDF Security Milestones — and Why It Matters
In support of Wind River’s commitment to building and delivering secure, trustworthy software, the company is proud to announce that eLxr Pro, Wind River Studio Developer, and Wind River Private Cloud Suite all achieved Full Secure Software Development Framework (#SSDF) conformance.
https://www.windriver.com/blog/Wind-River-Achieves-SSDF-Security-Milestones
-
A last-minute executive order puts more force behind #CISA #softwaresupplychain and #cybersecurity requirements for federal suppliers.
"This is their saving throw, to use a Dungeons & Dragons term -- if you get a critical hit from the dragon, you can still roll a D20 [dice] to survive. This is their chance to roll a saving throw and do what we needed at the time we first said we needed it." ~ Joshua Corman
#securesoftwaredevelopment #cybersecurity #executiveorder #softwaresecurity #SSDF #CISA #NIST #compliance #governance
-
My colleague Scott Fryer gave a talk at this year's @EclipseFdn's #EclipseCon on #Adoptium's secure development practices, what we've done and what we're going to do going forward. It covers #SLSA, #SSDF, #SBoM, binary #reproducibleBuilds and keeping a heterogeneous #openSource project's infrastructure secure with #Wazuh.
If some of those buzzwords have piqued your interest (or you want to know what they are), check out his video: https://www.youtube.com/watch?v=mpEKUnX84UQ
#secureDev #CycloneDX
-
"TACOS, in addition to being delicious, are now getting a new meaning as a framework for evaluating and attesting to the secure #software #development practices of open source packages....TACOS is grounded in the #NIST #SSDF, and draws from the #OpenSSF Scorecard project and the Center for Internet Security Software Supply Chain Security Guide as well"
Interesting, and certainly named with the typical #FOSS adherence to decorum.
-
Looking back on 2022, among other things I will remember this as the year in which I spent a *lot* of time explaining topics like software supply chain security, #SLSA, the NIST #SSDF, etc., to people at other companies whom I would have devoutly hoped, given their jobs/products, would not need me to explain any of it.