Cole Kennedy
@colek42c
Followers: 544 | Following: 1K | Media: 201 | Statuses: 2K
Founder - TestifySec - Secure Systems from Source to Production
Huntsville, AL
Joined November 2015
In the latest episode of Cloud Unfiltered, @colek42c breaks down the concepts of supply chain security and discusses the importance of attestation with @mchenetz. Listen on Substack: https://t.co/J62BciNLS7 or watch here: https://t.co/aEUfP4maTn
go-witness now supports signing and verifying policy with @projectsigstore
https://t.co/8j7HCoMcIz
github.com
After discovering that the policy-ca flag in github.com/in-toto/witness was not wired up correctly, I noticed that some change was required in go-witness to feed it into the verification function f...
If you are in Chicago for #KubeConNA I highly recommend @Wookiefoot playing at Reggies tonight at 9:30.
Bingo! Signatures are empty attestations, or even Implicit Attestations where the subject and predicate are defined out of band by the context of how the signature was generated. Explicit is better than implicit in security!
Has anyone used, or maybe written about using, in-toto for tracking provenance of AI models? cc @trishankkarthik, @justincormack, @torresariass, @ffkiv, @adityasaky
For anyone looking for a last-minute Halloween Costume... We hear that supply chain security experts get paid well... This kit could get you started. 😎 💻 Stay safe out there in the digital world. #halloween #cybersecurity #softwaresupplychain
We’re hiring @testifysec! 🛡️🎉 Have you ever wanted to work on open source full time? Do you want to make the world’s 🌎 software more secure? 🔐 This could be for you:
We're having our first Witness and Archivista community call today at 11:00 am EDT! 🎉 Come learn about attestations for your supply chain. ⛓️ Meeting info here:
github.com
Witness and Archivista community information. Contribute to testifysec/community development by creating an account on GitHub.
Are you heading to #devopsdaysdc? I will be there Thursday, Sept 14. Who wants to meet up and nerd out over the importance of software supply chain security? #testifysec #software #supplychain
My personal version of hell is using JIRA over a VDI hosted across the ocean.
As supporters and maintainers of in-toto, we are extremely excited to support their graduation proposal. The in-toto framework is the security backbone of our products at TestifySec, and we couldn’t be more proud to support the project for graduation.
📦 SBOMit An SBOM format independent method for attesting components with additional verification information Uses in-toto attestations and layouts https://t.co/73cbh6Vn6I
sbomit.dev
Software Bill of Materials on in-toto
📚 tl;dr sec 196 How secrets leak in CI/CD @KarimPwnz WrongSecrets lab @owasp AI threat modeling @DanielMiessler in-toto: API of DevSecOps @adityasaky, @colek42c Rein in your SIEM @ExpelSecurity Simple parenting hacks @rez0__
#cybersecurity
https://t.co/ggg5F5MkqW
tldrsec.com
Some subtle ways secrets leak and how to mitigate, AI threat modeling for policymakers, in-toto and TACOS
I wrote down some of my ideas around DevSecOps and how we can leverage the in-toto API to move forward. https://t.co/8X98geK49a
cncf.io
Guest post by Aditya Sirish, in-toto maintainer and Cole Kennedy, member of the in-toto steering committee Being part of the DevOps world, you’re likely no stranger to the DevSecOps buzz — the…
Who would be interested in a co-located conference dedicated to TUF and in-toto?
At TestifySec we want to encourage our team to lean into innovation and not do something just because everyone else is, but find creative ways to deliver better results for our partners and the SaaS community as a whole. Thoughts? #cybersecurity #testifysec #saas