Episode #11


Supply Chain, Kernel, KVM, RCE, NPM

Google introduced Supply chain Levels for Software Artifacts (SLSA), a set of incrementally adoptable guidelines for supply chain integrity.

Rust is being proposed as one of the main languages for Linux kernel programming because of its memory safety features.

Project Zero disclosed EPYC escape, a KVM vulnerability affecting AMD processors.

PrintNightmare is a remote code execution vulnerability in the Microsoft Windows print spooler that runs code with system-level privilege.

Overreacted.io discussed why npm audit is broken by design.