With supply chain attacks on the rise, a shared vocabulary and a universal framework are needed to provide incremental guidance for hardening supply chains and producing more secure software. This page introduces the main concepts behind SLSA and explains how it can help anyone involved in producing, consuming, or providing infrastructure for software.| SLSA
A comparison of tools to sign/verify Docker images and create image attestations, explaining important concepts & providing tool recommendations.| AugmentedMind.de
The last few years have seen the Application Security (AppSec) industry undergo some dramatic changes, with new types of attacks materializing and new types of security companies forming in response. The classic security industry game of whack-a-mole is now in full swing, with enterprises, security vendors, and AppSec teams alike collectively figuring out what it…| Scale Venture Partners