We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Google recognizes that before you can understand something, you need to measure it, and is bringing a way to measure security errors across open-source software programs.
The Internet Security Research Group - backed by Google's financial support - has provided prominent developer Miguel Ojeda with a one-year contract to work on Rust in Linux and other security efforts full-time.
To tackle the growing threat of attacks on the software supply chain, Google has proposed the Supply chain Levels for Software Artifacts framework, or SLSA which is pronounced "salsa". Can Google's 'salsa' make life harder for supply chain attackers? Comment below - we want to hear what you think!
