Sabitlenmiş Tweet
Dan Lorenc
13.2K posts

Dan Lorenc
@lorenc_dan
OSS Supply Chain Security. Founder/CEO/Primary Ariba Admin at https://t.co/sGmuUU9JbG Sigstore: https://t.co/dWKlyYu6kv
The Arena Katılım Mayıs 2014
2K Takip Edilen11.4K Takipçiler

@mmatthias yep. the smallest thing that runs your app is also the safest thing that runs your app
English

@lorenc_dan You don’t need an entire OS to run a web server in most cases. Great product!
English

@Siddarth_0910 appreciate it. that window is exactly what we're going after
English

@lorenc_dan Solving a problem where attacks happen 7 days before a vulnerability is disclosed. Goated 🐐
English

@thomasunise that's @lizwalton. she's real, she just has good lighting
English

@lorenc_dan $800 million and you couldn’t use a real actor for your video?
English

@The_Cyber_News the trick is not trusting prebuilt binaries at all. that's where most malware hides. we rebuild everything from verified source continuously, so there's far less to detect in the first place
English

@lorenc_dan ⚠️⚠️⚠️ With AI agents now autonomously pulling and executing dependencies, how does Chainguard's threat intelligence stay current? What is the update cycle on your hardened catalog when a new malicious package is discovered in the wild?
English

@MarcAnthonyHere hopefully not. we're spending a lot of money on it
English

@lorenc_dan Open source is not dying lol. What kind of narrative is this?
English

@slobkebap structural. we rebuild everything from source continuously, so most cves never get shipped, and the ones that land get patched fast
English

@lorenc_dan super cool! is there a structural way of how you achieve near-zero CVEs getting into the libraries or containers you offer? is it manual or more like Mythos testing everything and trying to find vulnerabilities?
English

@AlexJonesax appreciate that more than you know. the team will like reading this one
English

@lorenc_dan I'm really glad someone is doing this, and I like that its you. It's thankless hard work, but its worth doing.
English

@lalitium we rebuild open source from source and enterprises pay us for the clean versions plus the sla
English

@JayminSOfficial @grok hard to argue with the robot. it's not dying, it just needs someone maintaining the last mile
English

@lorenc_dan @grok Is open source going to die with AI threats?
English

@tekbog @clankercloud genuinely the best possible test. we built agent skills, someone should send agents at us
English











