European Union’s supply chain security guidelines for software suppliers

Dana Crane | October 15, 2021 | Google SLSA, MITRE D3FEND, Open source supply chain security, SBOM, software supply chain security, solarwinds, Supply chain attacks, typosquatting
The European Union Agency for CyberSecurity (ENISA) is an agency of the European Union (EU) that helps the EU address cybersecurity through policy and...

Anaconda vs ActiveState: The better partner for a more secure Python supply chain

Dana Crane | October 1, 2021 | Anaconda, conda, conda forge, dependency confusion, Python ecosystem, python security tools, typosquatting
Python comes in many flavors, offering Pythonistas more than one way to accomplish their tasks. But for developers, the key criteria for making a choi...

To build or not to build – When to seek custom engineering solutions

Dana Crane | September 2, 2021 | cost benefit analysis, custom engineering, opportunity cost, outsourcing, work to be done
Think you know the difference between core software development work and custom engineering? This post will make you think again....

Software Supply Chain Security Checklist for Enterprises

Dana Crane | August 19, 2021 | codecov, dependency confusion, Open source supply chain security, perl, python, solarwinds, typosquatting
Hackers are increasingly targeting your dev and CI/CD environments. This blog discusses the controls you need to put in place to thwart them....

Goodbye Community Editions; Hello ActiveState Platform

Dana Crane | August 12, 2021 | activeperl, activepython, activestate platform, activetcl, Open source supply chain security
ActivePerl, ActivePython and ActiveTcl are being replaced by the ActiveState Platform's advanced package management capabilities. Learn why....

3 ways the ActiveState Platform can secure your open source supply chain

Dana Crane | July 15, 2021 | dependency confusion, open source signing, Open source supply chain security, provenance, typosquatting, verifiably reproducible builds
Learn how to secure your open source supply chain from import through consumption via provenance, verifiably reproducible builds and code signing....

Reproducibility: How to Ensure Your Code Works on Every Machine

Dana Crane | July 2, 2021 | Configuration Drift, environment reproducibility, Reproducibility, reproducible builds, SLSA, Supply-chain Levels for Software Artifacts
Learn how to gain reproducible runtime environment builds that deliver open source artifact integrity and eliminate configuration drift....

President Biden: Secure Your Software Supply Chain

Dana Crane | June 10, 2021 | bill of materials, open source security, open source supply chain, provenance, vulnerability remediation
Learn how you can comply with President Biden's Executive Order by implementing open source provenance, vulnerability remediation and a BOM....

How to remediate your open source vulnerabilities quicker

Dana Crane | May 27, 2021 | build from source, dependency conflicts, dependency resolution, environment reproducibility, python, python 3.9, security-first python
Learn how you can use the ActiveState Platform to remediate open source vulnerabilities in hours instead of days....

Managing Python Packages Better: The ActiveState Way to Python at Scale

Dana Crane | May 14, 2021 | build from source, dependency conflicts, dependency resolution, environment reproducibility, python, python 3.9, security-first python
Python 3.9 from ActiveState provides a single toolchain for Windows and Linux that can automatically build and resolve dependencies....