Since ChatGPT, “the number of hostile open source packages has gone through the roof” —stacklok’s Craig McLuckie. These hostile actors threaten to “undermine the trust in open source.” #OSSummit

The Good, Bad and Ugly for GenAI by Craig McLuckie at #OSSummit

The Good: More productive maintainers
The Bad: New vulnerabilities and methods of exploitation
The ugly: Increasing pressure on communities

Path forward for #opensource producers and consumers

(2/2) Our second announcement: Minder Cloud!

Having high-quality intelligence about open source packages is only as useful as an organization’s or a community’s ability to drive policies that shape developer behavior. That’s why we launched the open source software security…

(1/2) 👋 We made some big announcements today at the #OSSummit . Here's the first.

Today, we're introducing the OSS Trust Graph, a way to model trust in #opensource ecosystems. It maps the connections between open source contributors and projects, and, through our…

We're at #OSSummit this week! Stop by our booth in the Solutions Showcase to say hi and catch a demo of new Minder capabilities. (And grab some new socks 🙂 )

And don't miss Craig McLuckie 's keynote on Weds at 10:20; he'll be talking about AI security and announcing some new…

Craig McLuckie from #Stacklok gives a keynote about navigating supply chain risk in a world of #AI assisted developers, LIVE at #ossummit .

View the schedule: events.linuxfoundation.org/open-source-su…
#opensource

The private beta sign up link. We are accepting folks in rounds, so worth signing up early:

stacklok.com/private-beta-r…

Busy day at stacklok , we also released Minder Cloud today. Craft custom policies for remediation at scale. The GitHub provider implementation is in place with a UI to compliment the CLI. stacklok.com/blog/announcin…

This is an excellent addition

Adolfo García Veytia (puerco), Staff Software Engineer from stacklok, delves into the emerging challenges in open source software. He discusses the new foundations of SBOM and outlines the next steps for the SBOM ecosystem.
#SOSScommunity

We're excited to see the open source Protobom project, originally created by Stacklok engineer puerco , officially launching today through a partnership with CISA, OpenSSF, and the Dept of Homeland Security.

SBOMs can be complex to use, because they have multiple data formats…

#heptio 🎉
A bunch of which are now working on stacklok

Definitely keep an eye on what’s happening there!

What's up dog, I mean Marmot.

I won't be at the #ossummit next week, but my co-founder Craig McLuckie will be, along with lots of other stacklok foks. Come visit our booth and Say Hi. We have lots of new stuff to show folks and gather feedback.

We'll be at Open Source Summit North America!
#opensourcesoftware #SoftwareSupplyChain #CyberSecurity #OpenSource Security #SecureCoding #Sigstore #OpenSource #DeveloperCommunity

I knew as much