Stacklok logo
Home
Products
Minder Trusty
Company
About Careers Open Source Press
Resources
Blog Videos Trusty Docs Minder Docs View all resources
Contact
Login
Resources

Stacklok Resources

Browse our latest blog posts, view videos from our team, and more.

Driving safe and sustainable open source consumption with two new Stacklok capabilities

Craig McLuckie /
6 mins read
 /
Apr 17, 2024

Stacklok is announcing the launch of two new capabilities to help detect and prevent supply chain attacks that build on tools like sigstore. Over time, we believe these capabilities will help mitigate newly emerging techniques that are threatening the health of open source ecosystems.

Announcing the Proof-of-Diligence (PoD) algorithm: A method of modeling trust and maintainability in open source ecosystems

Luke Hinds / Pankaj Telang /
15 mins read
 /
Apr 17, 2024

The OSS Trust Graph is an implementation of the Proof-of-Diligence algorithm created at Stacklok. Proof-of-Diligence (PoD) provides a robust mechanism to model trust, quality and maintainability in open source ecosystems. This blog post provides details on the reasoning behind the algorithm, how it is implemented, and how it can be used.

The good, the bad and the ugly of the XZ vulnerability

Craig McLuckie /
7 mins read
 /
Apr 1, 2024
Cybersecurity

The recent CVE 2024-3094 (the XZ vulnerability exposed by Red Hat on March 29, 2024) has sparked many discussions here at Stacklok and discussions with our friends in the community. We see a sea change in how hostile actors are operating.
Loading...

Driving safe and sustainable open source consumption with two new Stacklok capabilities

Craig McLuckie /
Apr 17, 2024
Continue Reading

Announcing the Proof-of-Diligence (PoD) algorithm: A method of modeling trust and maintainability in open source ecosystems

Luke Hinds / Pankaj Telang /
Apr 17, 2024
Continue Reading

Announcing Minder Cloud: A fully managed software security platform for open source communities

Edward Thomson /
Apr 17, 2024
Minder
Continue Reading

The good, the bad and the ugly of the XZ vulnerability

Craig McLuckie /
Apr 1, 2024
Cybersecurity
Continue Reading

An analysis of an obfuscated JavaScript malware package

Luke Hinds / Edward Thomson /
Mar 27, 2024
Security Alerts
Continue Reading

How we gained a 15x performance boost moving to an event-driven architecture for large-scale data processing

Yolanda Robla /
Mar 19, 2024
Trusty
Continue Reading

AI SBOM: Where's the data?

Adolfo "Puerco" García Veytia /
Mar 14, 2024
AI security
Cybersecurity
Continue Reading

How to detect and block malicious typosquatting attacks on open source packages

Pankaj Telang /
Mar 13, 2024
Cybersecurity
Continue Reading

How to use GitHub Copilot's new Content Exclusions feature to keep sensitive information out of AI-generated code

Megan Bruce /
Mar 11, 2024
AI security
Continue Reading
Newsletter

Stay in the loop

Subscribe to our newsletter for the latest news about our products and about open source supply chain security.

Stacklok logo
© 2024 Stacklok
Privacy Policy Terms of Service
Main Menu
Home About Careers Contact
Products
Trusty Minder
Resources
All Resources Blog Videos Trusty Docs Minder Docs
Contact Us
hello@stacklok.com