Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More The bulk of code in today’s modern software artifacts is open-source in ...

The Linux Foundation today announced its launch of Sigstore, a new nonprofit initiative that aims to improve open source software supply chain security by making it easier for developers to adopt ...

The Linux Foundation's sigstore code-signing software, developed with Google, Red Hat and Purdue University, will help prevent attacks on the software supply chain. The Linux Foundation has launched a ...

Notable incidents such as SolarWinds and Log4j have placed a focus on software supply chain security. They have also sent security teams in search of tools to ensure the integrity of software from ...

The recent news that hackers had breached remote access solution company AnyDesk shined a harsh light on the need for companies to take a long, hard look at code-signing practices to help ensure a ...

Thirty years ago IBM launched the XT5160 — the first hard drive DOS-based PC. But the computer virus, nowadays so seemingly tied to the PC, actually appeared almost a decade earlier. It took until ...

From package signing to SBOMs to new developer toolchains, the pieces for securing the software supply chain are starting to come together. The Log4j vulnerability in December 2021 spotlighted the ...

How do you know the code you’re using can be trusted? It’s a very important question – organizations and developers need to know code is genuine and hasn’t been tampered with, or they could risk ...

Blockchain infrastructure developer, Bison Trails, revealed on August 20, 2020 that it has launched its double-signing protection software (DSP) which aims to address the risk of “slashing penalties” ...