Episode #2022-07

Posted on
ProjectZero SLSA go supply-chain

Filippo Valsorda discussed how the Go ecosystem mitigates software supply chain risk. 1

Google published a prototype for mitigating supply chain attacks against Go, built in collaboration with GitHub. 2

Project Zero published a year-in-review of zero-days exploited in the wild. 2021 was a record year, attributed to improved detection and more disclosure; the techniques used were mostly old and well-known ones. 3

AWS's hot patch for Log4Shell introduced another vulnerability (container escape and privilege escalation). 4

Cloudflare shared the findings of security researchers at Assetnote. 5

1. How Go Mitigates Supply Chain Attacks - The Go Programming Language (go.dev)
2. Google Online Security Blog: Improving software supply chain security with tamper-proof builds (security.googleblog.com)
3. Project Zero: The More You Know, The More You Know You Don't Know (googleprojectzero.blogspot.com)
4. AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation (unit42.paloaltonetworks.com)
5. The Cloudflare Bug Bounty program and Cloudflare Pages (blog.cloudflare.com)