Chainguard ⛓️

4.6K posts

Chainguard ⛓️ banner
Chainguard ⛓️

Chainguard ⛓️

@chainguard_dev

The trusted source for open source (& memes).

Katılım Temmuz 2021
116 Takip Edilen6.4K Takipçiler
Sabitlenmiş Tweet
Chainguard ⛓️
Chainguard ⛓️@chainguard_dev·
Three weeks ago, we announced Athena, the industry coalition to protect open source software from AI attacks. Here’s where Athena stands today: • 40,000+ vulnerabilities processed, doubled since launch • 42% are critical- or high-severity • 86% are network reachable, meaning attackers can trigger them remotely • ~7% sit in packages more than five years old Frontier models are finding these vulnerabilities faster than any single team can respond. No one company can solve this alone. Today, we’re welcoming new members to the coalition: @Akamai, @BlackDuck_SW, @CycodeHQ, @jfrog, @MorganStanley, @qualys, @upwindsecurity, and @Zafran_io. More organizations mean more findings pooled and de-duplicated, which means fewer unique flaws left for an attacker to find first. It means more protection for the critical infrastructure we all rely on. Learn more: chainguard.dev/unchained/expa…
Chainguard ⛓️ tweet mediaChainguard ⛓️ tweet media
English
0
8
18
931
Chainguard ⛓️
Chainguard ⛓️@chainguard_dev·
Chainguard customers are unaffected by today's attack on the AsyncAPI namespace on npm, where a GitHub Actions misconfiguration let an attacker publish five backdoored versions across four packages that have a 2.5M+ collective monthly downloads. Learn more: chainguard.dev/unchained/asyn…
English
0
2
7
394
Chainguard ⛓️
Chainguard ⛓️@chainguard_dev·
That one CVE that's been in your dependencies since 2019.
Chainguard ⛓️ tweet media
English
0
1
12
405
Chainguard ⛓️
Chainguard ⛓️@chainguard_dev·
🧭 A USB 3 cable killed GPS reception on a security robot. Not a bug or a bad sensor, an electromagnetic interference from a cable six inches away. That’s something you can only get in production, not a test environment. Eric Timmons, Chief Engineer at @asylonrobotics, shares why real-world deployment beats simulation every time: chainguard.dev/unchained/this…
English
0
3
9
333
Chainguard ⛓️
Chainguard ⛓️@chainguard_dev·
🆕 cinc-auditor image! The GPOS STIG InSpec profile is pre-baked in, maintained on the same quarterly cadence as DISA updates, and proven with Anchore Enterprise. Learn more: chainguard.dev/unchained/intr…
English
0
0
4
274
Chainguard ⛓️ retweetledi
Qualys
Qualys@qualys·
Qualys is proud to join Athena, the industry coalition @chainguard_dev launched to coordinate the defense of open source software. Frontier models are finding vulnerabilities faster than any team can respond—that's why we're joining as a cyber partner to convert early vulnerability intelligence into validated customer action. It is what Qualys TruConfirm was built for, validating, prioritizing, and acting, while Athena makes the ecosystem faster at finding and fixing. Learn more about what we bring to the collaboration here: blog.qualys.com/qualys-insight… #Athena #Chainguard #Cybersecurity
Qualys tweet media
English
0
2
4
563
Chainguard ⛓️
Chainguard ⛓️@chainguard_dev·
See you in Sin City! 🎰  We’ll be at Black Hat USA in Las Vegas from August 4–6. Let’s connect: 📍 Stop by booth #1964 to learn how we're helping teams eliminate vulnerabilities at the source, grab some swag, and talk shop with our team. 📆 Want dedicated time to chat? Book a 1:1 with our experts here: chainguard.lodago.app/meet/e/f32d432…
Chainguard ⛓️ tweet media
English
1
1
7
320
Chainguard ⛓️
Chainguard ⛓️@chainguard_dev·
What happens to a vulnerability inside Athena? Here's how Athena's orchestrated defense works behind the scenes: 🔍 Find: A frontier model finds a memory-corruption bug in a widely-used parsing library three levels down in software that nobody thinks about until it breaks. It’s submitted through Athena's encrypted portal, deduplicated, and enriched. 🛠️ Fix: A hardened fix gets built under embargo, before any of it is public. 🛡️ Shield: While the fix works toward upstream, cyber partners shield it at the network, traffic, and endpoint layers. Anyone who tries the exploit hits a wall before the flaw is ever public. ✍️ Surface: This step’s "silent." Already fixed at head, no CVE coming. Athena publishes an OSV record so anyone still on the old version can be flagged and protected. 📩 Disclose: The finding goes to Akrites, The @linuxfoundation's coordinated effort to remediate and disclose upstream. Most of what Athena does, no one will ever see. But the same libraries running inside the world's largest banks also run a rural water plant, a regional hospital, a school district with no time to patch. That’s the critical infrastructure it protects. chainguard.dev/unchained/expa…
English
1
2
11
519
Chainguard ⛓️
Chainguard ⛓️@chainguard_dev·
We think our stack is airtight… so we’re inviting you to try and prove us wrong. We’re teaming up with @Bugcrowd for a Live in the Loop bounty event. Live now through July 27 (or until the bounties run out) 👀 Oh, did we mention there’s $200k on the line?! Get involved here: docs.google.com/forms/d/e/1FAI…
English
1
2
11
318
Chainguard ⛓️
Chainguard ⛓️@chainguard_dev·
“They can’t scope work accurately, can’t set realistic expectations and can’t coach their teams on these tools. They’re leading a transformation they haven’t experienced themselves.” Chainguard CEO and cofounder @lorenc_dan was featured in @Bloomberg on why leaders need to model AI usage for their teams: bloomberg.com/news/articles/…
English
0
0
4
309
Chainguard ⛓️
Chainguard ⛓️@chainguard_dev·
Attackers don't need to be better than your defenses anymore... they just need to be faster 💨 And right now, they are. @lorenc_dan shares more on @MTSlive 👇
MTS@MTSlive

SITUATION EXPLAINED: What does it mean that models have surpassed humans at finding exploits in open source code? We asked @lorenc_dan, co-founder and CEO of @chainguard_dev: "Models have surpassed the ability of humans to find exploits and to find vulnerabilities in code. They're getting found incredibly quickly, and they're being weaponized incredibly quickly too." "All of those systems and tools that people have had for years to deal with this kind of update cycle and patch cycle now aren't keeping up." "There's been a margin call on 10 years of tech debt. It's tech debt that's been around that people have just been refinancing over and over, and now all of a sudden you have to figure out a way to pay that tech debt." "But all of a sudden, overnight almost, this became one of the most pressing problems for the world of software."

English
3
2
10
490
Chainguard ⛓️
Chainguard ⛓️@chainguard_dev·
Between March 1 and May 31, we examined 2,400 unique container image projects, 18,016 total vulnerability instances, and 886 unique CVEs. Here's what we learned: 1️⃣ High-severity vulnerabilities accounted for 63.1% of all observed instances (a 13% increase quarter-over-quarter) 2️⃣ AI is helping engineers build and ship faster than ever before, but it is also enabling attackers to launch highly sophisticated, dangerous software supply chain attacks 3️⃣ Last quarter, we remediated 886 unique CVEs, as AI-assisted software development and vulnerability discovery hit the mainstream 4️⃣ 97.0% of all observed vulnerability instances occurred outside the top 20 projects Get the full details in The State of Trusted Open Source: chainguard.dev/unchained/the-…
Chainguard ⛓️ tweet media
English
0
1
4
393
Chainguard ⛓️
Chainguard ⛓️@chainguard_dev·
As if you needed another reason to choose Chainguard… here are five:
Chainguard ⛓️ tweet mediaChainguard ⛓️ tweet mediaChainguard ⛓️ tweet media
English
1
0
5
389
Chainguard ⛓️ retweetledi
The Linux Foundation
The Linux Foundation@linuxfoundation·
The age of AI requires a new solution to cybersecurity challenges. Today, the Linux Foundation and industry leaders launched Akrites, a coordinated effort to defend critical open source software against AI-enabled cyber threats. Frontier AI can find software vulnerabilities in minutes. Akrites introduces a shared SIRT and a standardized, confidential disclosure process to remediate vulnerabilities upstream before they are exploited. Read the open letter and learn why top organizations are joining together in this critical effort akrites.org/letter/
The Linux Foundation tweet media
English
2
15
46
38K