<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>John Speed Meyers on</title><link>https://deploy-preview-3187--ornate-narwhal-088216.netlify.app/contributors/john-speed-meyers/</link><description>Recent content in John Speed Meyers on</description><generator>Hugo -- gohugo.io</generator><language>en-US</language><lastBuildDate>Tue, 06 Oct 2020 08:50:45 +0000</lastBuildDate><atom:link href="https://deploy-preview-3187--ornate-narwhal-088216.netlify.app/contributors/john-speed-meyers/index.xml" rel="self" type="application/rss+xml"/><item><title>Selecting a Base Container Image</title><link>https://deploy-preview-3187--ornate-narwhal-088216.netlify.app/software-security/selecting-a-base-image/</link><pubDate>Thu, 04 Aug 2022 15:21:01 +0200</pubDate><guid>https://deploy-preview-3187--ornate-narwhal-088216.netlify.app/software-security/selecting-a-base-image/</guid><description>Software teams building and deploying container-based applications typically start from a &amp;ldquo;base image,&amp;rdquo; an initial set of software packages, usually tied to a Linux distribution. Software developers, security professionals, and infrastructure teams seeking to make an informed choice must weigh a number of criteria, including security criteria, when selecting a base image appropriate for their needs. 
Base images like those provided by Chainguard are designed to meet these security criteria while maintaining compatibility.</description></item><item><title>What is software supply chain security</title><link>https://deploy-preview-3187--ornate-narwhal-088216.netlify.app/software-security/what-is-software-supply-chain-security/</link><pubDate>Thu, 04 Aug 2022 15:21:01 +0200</pubDate><guid>https://deploy-preview-3187--ornate-narwhal-088216.netlify.app/software-security/what-is-software-supply-chain-security/</guid><description>An earlier version of this material was published in the first chapter of the Linux Foundation Sigstore course.
Software producers have a supply chain just like manufacturing businesses have a supply chain. And just like manufacturers require physical inputs and then perform a manufacturing process to build a finished product, so do software producers, whether the producer is a company or individual. In other words, a software producer uses components, developed by third parties and themselves, and technologies to write, build, and distribute software.</description></item><item><title>What Makes a Good SBOM?</title><link>https://deploy-preview-3187--ornate-narwhal-088216.netlify.app/open-source/sbom/what-makes-a-good-sbom/</link><pubDate>Thu, 04 Aug 2022 15:21:01 +0200</pubDate><guid>https://deploy-preview-3187--ornate-narwhal-088216.netlify.app/open-source/sbom/what-makes-a-good-sbom/</guid><description>A software bill of materials, or an SBOM (pronounced s-bomb), is a formal record of the components contained in a piece of software. It is analogous to an ingredients list for a recipe. And it has become recognized as one of the key building blocks of software supply chain security. Proponents rightfully point out that organizations can&amp;rsquo;t secure their software if they don&amp;rsquo;t know what&amp;rsquo;s inside their software.
As awareness and adoption of SBOMs has grown, there has been a gradual acknowledgement that not all SBOMs are created equal: some are more useful than others, depending on the goals of the SBOM user and the contents of the SBOM.</description></item></channel></rss>