One Article Review

Source GoogleSec
Identifier 8339090
Publication date 2023-05-24 12:49:28 (seen: 2023-05-24 18:06:50)
Title Announcing the launch of GUAC v0.1
Text Brandon Lum and Mihai Maruseac, Google Open Source Security Team

Today, we are announcing the launch of the v0.1 version of Graph for Understanding Artifact Composition (GUAC). Introduced at Kubecon 2022 in October, GUAC targets a critical need in the software industry to understand the software supply chain. In collaboration with Kusari, Purdue University, Citi, and community members, we have incorporated feedback from our early testers to improve GUAC and make it more useful for security professionals. This improved version is now available as an API for you to start developing on top of, and integrating into, your systems.

The need for GUAC

High-profile incidents such as Solarwinds, and the recent 3CX supply chain double-exposure, are evidence that supply chain attacks are getting more sophisticated. As highlighted by the
Sent Yes
Tags Tool Vulnerability Threat
Stories Yahoo
Notes ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.