Mark Manning
Twitter for Android : Hey that's me. See you in Buffalo talking about why specifically your software chain is in trouble and what the industry is doing to address it.
jed.yaml
Bio ποΈπ && lead security architect @isovalent. formerly @heptio @etsy and @google. #BlackLivesMatter
Location bpf()
Tweets 815
Followers 610
Following 555
Account created 12-01-2021 14:51:55
ID 1349006170770563072
Matt Moore βπ
Twitter Web App : I'm going to be at the sigstore booth for a good chunk of time today. Swing by and say 'Hi!'.
If you haven't seen 'keyless signing' yet, it is a super quick and easy way to sign OCI images and now Git commits! Come see a quick demo, just don't blink.
jed.yaml
Twitter Web App : I'm not at KubeCon but seeing my O'Reilly eBPF Security release being mentioned by Liz Rice @ KubeCon π ππ is a pretty amazing feeling. Congrats on your release, Liz!
h/t Adrian Mouat for the π·
Dev Interrupted
Hootsuite Inc. : You know about the normal supply chain, but what about the software supply chain & what it means for your business? π€
We sat down with co-founder & head of product at ChainguardKim Lewandowski to talk about software supply chain security: devinterrupted.com/what-is-softwaβ¦
Dan Lorenc
Twitter Web App : Amazing! sigstore cosign can now sign #eBPF modules using bumblebee from solo.io!
Thanks Eitan Yarmush!
github.com/sigstore/cosigβ¦
jed.yaml
Twitter Web App : why is Google prompting me to enable 2-fa when I have advanced protection enabled on my account? π€ they should like, know this, right?
Dan Lorenc
Twitter for Android : Full blog post coming soon!
jed.yaml
Twitter for iPhone : My daughter just graduated undergrad as a first generation graduate, cum laude. Major proud father vibes
Matthew Garrett
Twitter Web App : Now all the big three cloud providers support vTPMs, we can ensure that CI bearer tokens are bound to hardware, right? Right? RIGHT?
Matt Moore βπ
Twitter for iPhone : Swing by the sigstore booth for a demo of using it for Git signing!
jed.yaml
Twitter Web App : Curiius about supply chain security? All the material you need to learn about the problems and solutions in the supply chain security field in one place.
Excellent resource from Guardian, Zack Newman!
Matt Moore βπ
Twitter Web App : Signing git commits with sigstore is magical.
Chainguard
TweetDeck : As part of todayβs White House Open Source Security Summit, we are calling on the broader industry and governments to standardize digital signatures for software security with
sigstore from OpenSSF
Read more β¬οΈ
blog.chainguard.dev/sigstore-stateβ¦
jed.yaml
Twitter Web App : generating a PGP main key, and then subkeys is like taking a trip back in time to the 1990's
Dan Lorenc
Twitter Web App : I did not expect to see sigstore on cspan today!