<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Videos on</title><link>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/videos/</link><description>Recent content in Videos on</description><generator>Hugo -- gohugo.io</generator><language>en-US</language><lastBuildDate>Mon, 05 Sep 2022 08:49:15 +0000</lastBuildDate><atom:link href="https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/videos/index.xml" rel="self" type="application/rss+xml"/><item><title>WTF happened with the PyPI phishing attack?</title><link>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/videos/pypi/</link><pubDate>Mon, 01 Aug 2022 15:21:01 +0200</pubDate><guid>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/videos/pypi/</guid><description>On August 24, 2022, PyPI, the open source package repository for the Python programming language, announced an active phishing campaign targeting PyPI users. How did it happen, and how can we prevent future attacks? Let’s recap: Before we cover the phishing attack, it’s worth mentioning that on July 8, PyPI announced it would require two-factor authentication (2FA) for projects deemed critical — that is, any project in the top 1% of downloads over the past 6 months.</description></item><item><title>WTF is a distroless container?</title><link>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/videos/distroless/</link><pubDate>Mon, 01 Aug 2022 15:21:01 +0200</pubDate><guid>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/videos/distroless/</guid><description>Have you heard of distroless container images? This video is going to break down what they are, how they work, and why they’re better.
The easiest way to explain what a distroless container image is, and how it differs from a traditional fat container image, is to start with the fat image, point out the parts that aren’t necessary, and show how distroless images let you build smaller, leaner, more secure container images.</description></item><item><title>WTF is a Typo Squatting Attack?</title><link>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/videos/github-typosquatting/</link><pubDate>Mon, 01 Aug 2022 15:21:01 +0200</pubDate><guid>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/videos/github-typosquatting/</guid><description>Hi, I’m Dan Lorenc, CEO &amp; Co-founder of Chainguard, and I’ve been working in the open source software supply chain security space for a long time. Today, we’re going to recap the massive typosquatting attack that was carried out against a bunch of open source projects on GitHub on August 3, 2022.
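An attack like this works only because the cloned repositories and packages carry names that differ from the real project’s by a character, a separator, or a plausible prefix, which is why they are hard to spot by eye. The screen below is an added example, not code from this page or from Chainguard: it checks candidate names against a small constructed allow-list (the POPULAR set and the PREFIXES and SUFFIXES tuples are assumptions for the illustration) and reports which trick a suspicious name is using.

```python
"""Screen candidate package or repository names for typosquats.

Added illustration, not code from the page or from Chainguard. The
allow-list below is constructed for the example; a real screen would load
the top-N names from the registry it protects.
"""
from __future__ import annotations

import unicodedata

# Constructed allow-list of "real" projects.
POPULAR = {"requests", "urllib3", "python-dateutil", "colorama", "pyyaml"}

# Characters attackers swap in names: look-alike digits and name separators.
# (Cross-script homoglyphs such as Cyrillic letters need a full confusables
# table, e.g. Unicode TR39, and are not handled here.)
CONFUSABLES = {"0": "o", "1": "l", "-": "", "_": "", ".": ""}

# Plausible-looking padding around a real name ("python-requests", "requests2").
# Assumed lists for the example.
PREFIXES = ("py", "python", "the", "official")
SUFFIXES = ("py", "python", "2", "3", "lib", "dev")


def normalize(name: str) -> str:
    """Case-fold, strip accents, and fold confusable characters to one form."""
    decomposed = unicodedata.normalize("NFKD", name.casefold())
    unaccented = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in unaccented)


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap
    two adjacent characters, each counting as one edit."""
    prev2 = None
    prev1 = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev1[j] + 1, cur[j - 1] + 1, prev1[j - 1] + cost)
            # prev2 exists only from the second row on, so a[i - 2] is valid here
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev1 = prev1, cur
    return prev1[-1]


def classify(candidate: str) -> tuple[str, str] | None:
    """Return (reason, real_name) when `candidate` looks like a squat, else None.

    Membership is checked on the raw name: PyPI folds case and separators
    (PEP 503), but GitHub repository names and many other namespaces do not,
    so 'python_dateutil' is reported as a variant of 'python-dateutil'.
    """
    if candidate in POPULAR:
        return None
    norm = normalize(candidate)
    for real in sorted(POPULAR):
        real_norm = normalize(real)
        if norm == real_norm:
            return ("separator or confusable-character variant", real)
        if any(norm == p + real_norm for p in PREFIXES):
            return ("prefixed real name", real)
        if any(norm == real_norm + s for s in SUFFIXES):
            return ("suffixed real name", real)
        if edit_distance(norm, real_norm) == 1:
            return ("one-character edit", real)
    return None


def scan(candidates: list[str]) -> dict[str, tuple[str, str]]:
    """Run classify over many names; only suspicious ones are returned."""
    findings = {}
    for name in candidates:
        hit = classify(name)
        if hit is not None:
            findings[name] = hit
    return findings


if __name__ == "__main__":
    # Constructed sample of names an attacker might register.
    sample = ["requests", "reqeusts", "python-requests", "requests2",
              "ur1lib3", "colourama", "python_dateutil", "numpy"]
    for name, (reason, real) in scan(sample).items():
        print(f"{name!r}: {reason} of {real!r}")
```

The affix checks run before the edit-distance check on purpose: "requests2" is one edit away from "requests", but reporting it as a suffixed real name tells the reviewer what the attacker was imitating. A distance of exactly one keeps the screen quiet for unrelated short names; raise it only with a larger allow-list and a human in the loop, since two-edit matches between short names are common.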
Typosquatting is an attack in which an attacker publishes a package or repository under a name that differs only subtly from a real project’s, so that it looks like that project even though it is not the same repository or package. It is hard to detect because there are many subtle ways to alter a name.</description></item><item><title>WTF is Sigstore?</title><link>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/videos/sigstore/</link><pubDate>Mon, 01 Aug 2022 15:21:01 +0200</pubDate><guid>https://deploy-preview-3155--ornate-narwhal-088216.netlify.app/software-security/videos/sigstore/</guid><description>Let’s talk about software supply chain security.
Vulnerabilities and attacks in software have been increasing in recent years, and the U.S. House of Representatives recently passed a bill that would forbid the Department of Defense (DoD) from procuring any software application that contains a single security vulnerability or CVE (an entry in the Common Vulnerabilities and Exposures list). Attacks and other security issues can exist all across the software supply chain: the dependencies or packages you pull into your code, the code you write, your integration and deployment pipeline, and your packaging.</description></item></channel></rss>