Mar 25, 2024
How Intel Uses OpenSSF Scorecard To Better Secure Its Software Portfolio
Scorecard is an automated tool from the OpenSSF that assesses 19 different vectors with heuristics ("checks") associated with important software security aspects and assigns each check a score of 0-10. You can use these scores to understand specific areas to improve in order to strengthen the security posture of your…
Feb 16, 2024
Scaling Up Supply Chain Security: Implementing Sigstore for Seamless Container Image Signing
In this post, we will explore how Yahoo leverages Sigstore, in concert with Athenz, an open source platform for managing X.509 certificates, as an internal Certificate Authority, to sign and verify container images.
Mar 20, 2023
Improving Supply Chain Security: IBM as a user and a contributor to Open Source Security Foundation Scorecard
Scorecard is becoming a key part of IBM’s review and curation of the open-source software in our products and services. IBM is committed to helping address the systemic security issues in modern SW supply chains and believes an important part of this effort is to help the open-source ecosystem improve…