Verify Sigstore Cosign format signatures and attestations using keys, certificates, or keyless attestors.| Kyverno
I first wrote this post back in 2021, so I thought it’s time for a revisit with the addition of a few more roles. We talk about attackers being the enemy. Sometimes we talk about insider threats. But one of our biggest enemies is pernicious dependencies that limit our ability to keep environments up to date and configured to what we expect or need. One common trait of the best security programs is they have a massively deep and current understanding of what is in their environment and acros...| Risk and Cyber
Understanding software supply chain attacks and strategies to defend against them.| fossa.com
Without great security, sophisticated actors can steal AI model weights. Thieves are likely to deploy dangerous models incautiously; none of a lab’s deployment-safety matters if another actor deploys the models without those measures.| ailabwatch.org
How the Kyverno project believes it is meeting SLSA Level 3 requirements.| Kyverno