Certificate Transparency (CT) has been a cornerstone of internet security for over 11 years. The CT ecosystem has caught tens of thousands of certificate misissuances, numerous backdated certificates, and countless baseline requirement violations. By...| Transparency.dev Community Blog
Bootstrapping a Global Witness Network with the ArmoredWitness| Transparency.dev Community Blog
The past year I have been hacking around on tools utilizing TPMs, and one of the features I have been interested to learn more about is the device attestation features. After being a bit inspired by some ideas from people at work, the hackerspace and toots on Mastodon, I figured an SSH certificate authority would be a cool small project to hack on. Last year I wrote an SSH agent with TPM bound keys so this would nicely fit into the existing tooling.| Morten Linderud
In July 2022, the KubeEdge community completed a third-party security audit of KubeEdge and released a paper on cloud native edge computing security threat analysis and protection. Based on the security threat model and audit suggestions, the community consistently strengthens the KubeEdge software supply chain. Now, we are excited to announce that KubeEdge v1.13.0 (including both binary and container image artifacts), released on January 18, 2023, achieves SLSA 3 compliance, first of its kin...| KubeEdge Blog
Building on my work to rebuild Trisquel GNU/Linux 11.0 aramo, it felt simple to generalize the tooling to any two apt-repository pairs and I’ve created debdistreproduce as a template-project for doing this through the infrastructure of GitLab CI/CD and meanwhile even set up my own gitlab-runner on spare hardware. I’ve brought over reproduce/trisquel to using debdistreproduce as well, and archived the old reproduce-trisquel project.| Simon Josefsson's blog
Do you want your apt-get update to only ever use files whose hash checksums have been recorded in the globally immutable tamper-resistant ledger rekor provided by the Sigstore project? Well I thought you’d never ask, but now you can, thanks (Sigstore protects Apt archives: apt-verify & apt-sigstore)| Simon Josefsson's blog