Explore the latest episode of "Cloud Unfiltered" featuring Cole Kennedy, co-founder and CEO of TestifySec, as he delves into the critical role of attestations in securing software supply chains. Learn how attestations can fortify your CI/CD pipelines against threats, ensuring compliance and integrity. Stay ahead with insights on cloud-native applications, security innovations, and open-source projects. Thanks to Outshift by Cisco for hosting us to share why we believe Everyone Deserves Secure Software. Read more or go to full recording here: https://lnkd.in/dXVAgAwE
TestifySec’s Post
-
John Kjell recently gave a talk at #CNSCON titled "Demystify Modern Signing: Keys, Certs, and Envelopes," which focused on practical aspects of cryptographic signing tools used in software supply chain security, specifically those from projects like Sigstore’s Cosign, Notation, The Update Framework (TUF), and #intoto. John didn't delve into complex mathematical concepts like elliptic curves, prime numbers in cryptography, or modular exponentiation. 😉

Instead, he covered:
Key Algorithms: How the tools implement and utilize various cryptographic algorithms.
Signing Envelopes: The format and structure used to wrap the signed data.
Certificates: The role of certificates in the signing and verification process.
Verification: How these tools verify signatures to ensure data integrity and authenticity.

Additionally, he shared:
🔸 Differentiate between signing and verification versus encryption and decryption.
🔹 Explore the design decisions made by each tool (Cosign, Notation, TUF, and in-toto’s Witness project).
🔸 Discuss the emerging trend of identity-based signing using short-lived keys and certificates.
🔹 Demonstrate how to verify signatures using basic CLI commands like openssl and shasum.
🔸 This practical approach aims to provide a deeper understanding of the operational aspects of these tools and their applications in securing software supply chains.

Thank you to Cloud Native Security Con and The Linux Foundation for creating a great event and community to discuss the critical aspects of supply chain security and much more.
#linuxfoundation #cybersecurity #devops
-
Thank you FINOS for creating a great community for us to be a part of. We are excited to contribute to this vibrant ecosystem.
"We are thrilled to join the Fintech Open Source Foundation. At TestifySec, we believe in the power of collaboration and innovation in open source communities. Joining FINOS aligns perfectly with our mission to enhance AI and application security across the financial services industry. We look forward to contributing to and growing with this vibrant ecosystem, advancing secure and compliant software practices together," said Cole Kennedy 🔐 🔗, CEO and Co-Founder at TestifySec. 🔗 Read more here: 🌟 FINOS Welcomes Seven Financial Services and Technology Leaders, Accelerating AI, Cloud and Interoperability Strategic Initiatives https://hubs.ly/Q02FRgqf0 🌟 #fintech #financialservices #FINOS #opensource #ai #cloud
-
Ensuring software provenance and security in your CI/CD pipeline can be tough. We’re curious—what’s your biggest challenge in this area? Take our quick poll and let us know. Your input will help us understand the common pain points and work on better solutions. Vote now and share your thoughts in the comments! #Software #Provenance #SupplyChainSecurity #DevOps
-
Thanks to everyone who has joined our community! We are grateful for those who love software, security, devops and all aspects that keep your software secure. Everyone Deserves Secure Software! Help us reach more people by sharing our page with your friends and colleagues. #testifysec #provenance #cybersecurity
-
🎆 Happy 4th of July and Independence Day to our American teammates, friends and colleagues. Today, we celebrate the spirit of freedom and the strength of our nation, USA! 🇺🇸 We’re grateful for the opportunities and freedoms we have in this beautiful country to chase the American dream. We hope your day is filled with joy, celebration, and appreciation for the freedoms we all cherish. Wishing everyone a safe and happy Independence Day! 🗽✨ #FourthOfJuly #IndependenceDay
-
Happy Wednesday! Help us celebrate Tanner J., our technical account manager for our public sector partners here at TestifySec.

Tanner's love and deep passion for cybersecurity have been evident since his college days when a mentor introduced him to both offensive and defensive security within information technology. Graduating from Carnegie Mellon University in 2023 with a Master of Information Systems and Policy Management, Tanner quickly transitioned into his role as a Technical Account Manager at the tech startup, TestifySec. Educationally, Tanner also got his undergrad at Weber State University.

At TestifySec, Tanner plays a pivotal role in supporting the US Navy's efforts to modernize combat systems through their software factory, The Forge.

“Tanner’s ability to understand customer perspectives and business needs, combined with his technical capability, makes him a uniquely valuable team member at TestifySec. He has been able to quickly ramp up on Terraform and K8s, which will enable product deployment. He also played a key role in the creation of documentation for our AWS Marketplace offering.” - Robbi Kenney, Director of Channel Delivery.

Tanner has had the opportunity to work on various projects, including TestifySec's #opensource efforts around #intoto, #Witness, and #Archivista, which are part of the Cloud Native Computing Foundation (CNCF) within The Linux Foundation. He also supports the platform development team, sales engineering, marketing, and enjoys collaborating with frontline developers and teams to align efforts with customer needs.

“Tanner brings a refreshing personality and go-getter attitude to everything he does,” Matt “Mohawk” Denny, Marketing & Outreach Director at TestifySec. “His ability to shift from engineering to security to business development is unparalleled. He is an asset to the team and is a fun person to work with.”

Outside of work, Tanner cherishes time with his wife and one-year-old son, exploring the outdoors and dabbling in woodworking.

Have you had the pleasure of working with Tanner? Share your stories below! 👇 #EmployeeSpotlight #testifysec

Pictured below is Tanner, top left, with a few of his TestifySec teammates at #KubeCon last year in Chicago.
-
The DoD has unveiled the Fulcrum Advanced Strategic Plan, a comprehensive roadmap designed to drive growth, innovation, and operational excellence. What are your thoughts about the new DOD Strategy?

We found a highlight about changes in Software Supply Chain Security Section - 1.3.6 Building Supply Chain Security: Ensuring the supply chain is secured provides flexibility to accelerate the acquisition of national security systems while reducing the risk of injecting unnecessary system vulnerabilities.

The document also highlights the Key Lines of Effort:
1️⃣ Provide Joint Warfighting IT Capabilities: Enhance strategic dominance with advanced, secure, and interoperable IT systems. This includes leveraging AI and machine learning to outpace adversaries and ensure superior operational capabilities.
2️⃣ Modernize Information Networks and Compute: Transition to a data-centric Zero Trust security model, optimizing the DoDIN foundation for performance and resilience. This effort aims to integrate scalable, secure IT infrastructure that adapts to modern threats.
3️⃣ Optimize IT Governance: Streamline IT governance processes to enhance efficiency and mission alignment. This involves overhauling governance tools, improving data quality, consolidating legacy systems, and accelerating IT acquisition with DevSecOps practices.
4️⃣ Cultivate a Premier Digital Workforce: Build and maintain a highly skilled digital workforce ready to deploy emerging technologies. Focus areas include continuous learning, competitive compensation, and fostering collaborative partnerships with industry and academia.

#cybersecurity #dod #compliance #fulcrum
-
We have THREE talks today at #cnscon! Join Frederick Kautz, John Kjell and Tom Meadows at Cloud Native Security Conference North America today to learn about a variety of software supply chain topics. Today is a day you don't want to miss for #SupplyChainSecurity.

Demystify Modern Signing: Keys, Certs, and Envelopes - John Kjell, Director of #OpenSource at TestifySec.
Thursday, June 27 • 11:50am - 12:25pm
Ballroom 2-3

Guardians of the Dataverse: Securing the AI Supply and Data Chain - Frederick Kautz, Director of R&D, TestifySec.
Thursday, June 27 • 2:45pm - 3:20pm
Ballroom 2-3

The Story of Crush: The Microservice That Navigated the Cloud Native Ocean with a SPIFFE Identity - Mattias Gees, Venafi & Tom Meadows, open source engineer at TestifySec.
Thursday, June 27 • 4:40pm - 5:15pm
Venue: 435

Send them a message to meet up outside their talks.
The Linux Foundation #cloudnative #security #intoto
-
John Kjell kicked off Cloud Native Security Con today as one of the #keynote speakers with his fellow #opensource advocates Brandt Keller, Marina Moore, Michael Lieberman, and ⚙️ Eddie Knight. Their topic was "Tag Security, you’re it!" Highlights: Contributing to the security of cloud native technologies, security best practices and how TAG can help you today. If you are in Seattle, reach out to John Kjell to chat. Frederick Kautz and Tom Meadows are also in town and all three of them have talks on Thursday. Great work team! Thanks for representing open source and TestifySec so well.