all InfoSec news
SLSA 1.0 delivers build provenance: What application security teams need to know
Malware Analysis, News and Indicators - Latest topics malware.news
The latest version of the Supply-chain Levels for Software Artifacts (SLSA) framework for improving software supply chain security offers several improvements over the previous version, including better provenance guidelines and a system of "tracks" for implementation.
SLSA 1.0, introduced in April by the Open Source Security Foundation (OpenSSF), depends more on community consensus than does the earlier version. It brings much-needed focus to the framework, especially the new guidance around software provenance — determining the origin, development, ownership, location, …
application application security april artifacts build foundation framework guidelines latest open source open source security open source security foundation openssf provenance security security foundation security teams slsa software software supply chain software supply chain security supply supply chain supply chain security system teams the open source security foundation version