by Azalio tdshpsk | Aug 22, 2022 | Security
Security is one of the few things that will survive the budget axe should the world plunge into recession, but it’s increasingly clear that we can’t simply spend our way to a secure future. Indeed, SLSA (Supply-chain Levels for Software Artifacts), Tekton, and other...
by Azalio tdshpsk | Aug 4, 2022 | Security
A zero-knowledge proof, also known as ZKP protocol, attempts to establish a fact between parties with a minimum amount of information exchange. In cryptography, it is intended to limit the transfer of information during authentication activities. ZKP’s...
by Azalio tdshpsk | Jul 27, 2022 | Security
The compromise of SolarWinds’ system management tool raised a lot of interesting issues for anyone using a CI/CD (continuous integration and continuous delivery) build process for their software. How can we ensure that the software we distribute to our users is the...
by Azalio tdshpsk | Jul 19, 2022 | Security
Who owns software supply chain security? Developers? Or the platform and security engineering teams supporting them? In the past, the CIO, CISO, or CTO and their security team would decide which Linux distribution, operating system, and infrastructure platform the...
by Azalio tdshpsk | Jul 12, 2022 | Security
Log4j was the bucket of cold water that woke up most developers to their software supply chain security problem. We’ve spent decades in software building things and obsessing over our production environment. But we’re building on unpatched Jenkins boxes sitting under...
by Azalio tdshpsk | Jun 27, 2022 | Security
Devops is primarily associated with the collaboration between developers and operations to improve the delivery and reliability of applications in production. The most common best practices aim to replace manual, error-prone procedures managed at the boundaries...