Tracy Miranda (@tracymiranda)'s Twitter Profile
Tracy Miranda

@tracymiranda

Making open source secure by default.

Previously at @chainguard_dev, @cdeliveryfdn, @cloudbees.

Open source powered.
🇨🇦 🇬🇧 🇰🇪

ID:67430296

https://tracymiranda.com

20-08-2009 21:29:45

7,7K Tweets

4,0K Followers

3,7K Following

Anne Currie (@anne_e_currie)

This thread resonates. Better stuff (vaccines, platforms) comes along and if you are smart you move to it. That doesn't mean you made a bad initial decision. It just means that you always need to be open to change.

The same is very true of green platforms - greener stuff comes…

Tracy Miranda (@tracymiranda)

Merkle Town is a great visualisation dashboard from Cloudflare for Certificate Transparency.

It's a fun way to understand the CT ecosystem: ct.cloudflare.com

The folks at Cloudflare are looking to revamp the dashboard. Please share any feedback you may have!

Héctor Fernández 💾💾💾💾 -- @hectorj2f@hachyderm (@hectorj2f)

Tracy Miranda I'm not sure how reliable this info is, to be honest. But I'm part of the on-call rotation and I'm a Chainguard employee. I also know another organization which is part of the on-call rotation and it isn't mentioned in that paragraph either 🤔.

Tracy Miranda (@tracymiranda)

Oh, it really is a shame Chainguard no longer help operate the Sigstore public good instance.

Like open source maintenance, open source SRE is very challenging and the more hands, the better.

Many thanks to all those orgs who are keeping this very important service running!👏

Pete Wagner (@meofthecloud)

Early adopters of GitHub attestations:
github.com/search?q=path%… (shout out stacklok !)

I don't see anyone signing a .deb yet, I was hoping to adapt some `cosign verify-blob` based stuff.

Anaïs Urlichs (@urlichsanais)

This is so cool!! Kelly Shortridge

'in-browser security decision tree tool Deciduous can be used to generate these attack trees as code.'

Andrew Martin ⚡☸️ Michael Hausenblas Hacking Kubernetes (p. 31). O'Reilly Media.

kellyshortridge.com/blog/posts/dec…

Matija Sosic (@MatijaSosic)

With Ⓞrbit shutting down, the importance of open-source is even more obvious. People who used it (including us at Wasp) are left with only a JSON.

It seems like there is a gap for a good, modern open-source community tracker. Anybody care to build one?

Cyber Statecraft (@CyberStatecraft)

Key takeaways: More general funding moderately correlates with better security practices in open source projects 🔓

This trend occurs across multiple Scorecard checks, not just a single security practice. Also cool? More funders backing a project, stronger correlation!

Cyber Statecraft (@CyberStatecraft)

🚨NEW ISSUE BRIEF🚨: Can money help open source software security? A new Cyber Statecraft paper by John Speed Meyers, Sara Ann Brackett, and Stew Scott looks at the funding and @OpenSSF Scorecard scores of top npm and Python packages. 💵🔐💻
