Hosted on MSN

Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware

Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer packages, exposing GitHub tokens, cloud credentials, and password vaults across ...
SDxCentral

OpenSSF give supply chain security a boost with SLSA 1.0

Supply chain security represents a complex challenge for organizations across industries, but it might be getting just a bit easier today with the release of the SLSA (pronounced salsa) 1.0 ...
KHON2

Alongside SLSA 1.0 Stable Release & EO 14028 Requirements, ActiveState Deploys Signed Attestations and SBOMs for Complete Provenance

ActiveState enables organizations to achieve Level 3 SLSA compliance through a hardened build service and automatically generated Provenance VANCOUVER, BC, April 26, 2023 /PRNewswire/ -- Today, ...

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI vendor questionnaires are missing.
CSOonline

OpenSSF releases SLSA v1.0, adds software supply chain-specific tracks

SLSA v1.0 has been designed to make the software supply chain security framework more accessible and specific to areas of the software delivery lifecycle. The Open Source Security Foundation (OpenSSF) ...
SDxCentral

Google SLSA, Linux Foundation Drops SBOM for Supply Chain Security Boost

Google and the Linux Foundation separately debuted new tools to improve supply chain security, with a specific focus on open source software, as federal agencies work on software-related standards and ...