Hacker News | ktrychon1's comments

Octo STS is a “Security Token Service” (STS) for GitHub credentials. Using this App, workloads running essentially anywhere that can produce OIDC tokens can federate with this App's STS API in order to produce short-lived tokens for interacting with GitHub.


This badge is built around the ESP32-S2 microcontroller serving as its own Wi-Fi access point. Additionally, the Wright Flyer badge has expansion capabilities to showcase two of your favorite #SAO.

Upon conclusion of #DEFCON 31, the source code will be made available for anyone who wants to modify and upgrade their very own copy of flight history.

All proceeds will go towards supporting our mission to build an inclusive community & promote knowledge.


On November 30, 2022, the Android Security and Privacy Team project published a vulnerability report as part of the Android Partner Vulnerability Initiative, which tracks security issues for Android Original Equipment Manufacturers (OEMs).

As attackers increase their sophistication, our defensive technologies for software signing must grow more sophisticated as well. This post focused primarily on the Android ecosystem in light of recent events, but the lessons learned apply to all systems for distributing software securely, including the internal software supply chain of any organization.

To protect yourself, it’s best to use tools with these principles built-in. For instance, Sigstore has transparency as a fundamental component, and uses TUF to manage its own root of trust, ensuring that if the worst were to happen, the project can safely recover.


The security vendor landscape is selling a pipedream that “scanners” and “software composition analysis” wares can detect all of the critical vulnerabilities at the software artifact level. They don’t.


Chainguard today announced the availability of Chainguard Enforce on Amazon Web Services (AWS) Marketplace. Chainguard Enforce is a software supply chain risk management platform that helps organizations secure every step of the software development lifecycle, by continuously monitoring security metadata to make real-time policy decisions for container application workloads.

The availability of Chainguard Enforce on AWS Marketplace makes it easier for existing AWS customers, software developers, enterprises and small and mid-sized businesses (SMB) to discover, purchase and deploy Chainguard Enforce in their existing AWS account.

