Stacklok has donated its Minder project to the Open Source Security Foundation (OpenSSF), helping development teams set up a system of proactive checks and policies to minimize supply chain risks.
Minder ensures that all packages built by developers using the project are cryptographically signed to enforce best practices.
The extensible nature of Minder will allow it to become a platform for integrating other OpenSSF projects.
It has the potential to integrate a variety of security tools and make them easier to adopt.
Stacklok founder Craig McLuckie hopes that Minder will form a community anchor and become a common integration framework.
Minder is a system that can apply controls across the entire application lifecycle, starting at the IDE and with the developer’s local package manager, all the way to the production environment.
While software supply chain security wasn’t always top of mind for developers, recent attacks have brought it to the forefront.
Google is supporting Minder and helping Stacklok drive integrations with services like the open source vulnerability database.
For Stacklok, the more successful Minder is as an open-source project, the more likely enterprises are to come to Stacklok for support, or to subscribe to its hosted service.
Stacklok wants Minder to be a community-centric platform that is community-owned even as the organization plans to commercialize it.