SLSA

OpenSSF Announces New Members & Initiatives at SOSS Community Day North America

Retrieved on: 
Monday, April 15, 2024
Education, Ecosystem, The Golden Egg, OSS, DLT, Distributed ledger, Partnership, Carbon, PostgreSQL, Linux Foundation, Open Source Summit, Automation, Open Source Security Foundation, Engineering, Linux, Boeing, Microsoft, Intel, Computer security, GitHub, Open source, SOSS, TTX, CISA, Community, Organization, Growth, XZ, SLSA

The OpenSSF is further pleased to host Secure Open Source Software (SOSS) Community Day at Open Source Summit North America (NA) 2024, which brings together members and contributors from around the world.

Key Points: 
  • The OpenSSF is further pleased to host Secure Open Source Software (SOSS) Community Day at Open Source Summit North America (NA) 2024, which brings together members and contributors from around the world.
  • “The challenge of safeguarding open source software is significant, and we eagerly anticipate collaborating with them.”
    To celebrate its growing community, the OpenSSF is hosting Secure Open Source Software (SOSS) Community Day at Open Source Summit NA 2024 in Seattle.
  • SOSS Community Day NA 2024, with over 500 registrants, is an opportunity for community members from across the open source security ecosystem to get together and share ideas.
  • Further highlighting the organization’s commitment to security education, SOSS Community Day NA will feature a 90-minute interactive tabletop exercise (TTX), designed to engage the open source community on security practices.

Legit Security Releases Industry's First Software Compliance and Attestation Trust Center

Retrieved on: 
Tuesday, April 30, 2024
PCI DSS, CISA, Software, Legit, ISO, Organization, PCI, SLSA, Audit

BOSTON, April 30, 2024 /PRNewswire/ -- Legit Security, the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced extended software compliance, audit, and attestation support with the release of the industry's first software compliance and attestation trust center.

Key Points: 
  • Expands capabilities to support compliance, audit, and attestation, empowering organizations to prove software compliance faster with the most comprehensive control validation platform
    BOSTON, April 30, 2024 /PRNewswire/ -- Legit Security , the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced extended software compliance, audit, and attestation support with the release of the industry's first software compliance and attestation trust center.
  • Legit enables customers to build a repeatable and scalable software security compliance program by automating manual processes and producing the required evidence to prove compliance.
  • In addition, Legit now supports new requirements for the CISA Secure Software Development Attestation Form.
  • "Compliance and audit requirements prove the expectations for software security are on the rise," said Lior Barak, Chief Product Officer at Legit.

Legit Security Now Offered Through GuidePoint Security

Retrieved on: 
Wednesday, April 17, 2024
Risk, SDLC, Guidepoint, Partnership, ISO, Application, FedRAMP, ASPM, CISA, Legit, Organization, SLSA, Risk management

BOSTON, April 17, 2024 /PRNewswire/ -- Legit Security, the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced a strategic reseller partnership with GuidePoint Security, the leading cybersecurity solution provider that empowers organizations to make smarter decisions and minimize risk.

Key Points: 
  • Partnership offers GuidePoint Security customers access to Legit's Application Security Posture Management (ASPM) platform to help enable secure SDLC, protect the software supply chain
    BOSTON, April 17, 2024 /PRNewswire/ -- Legit Security , the leading platform for enabling companies to manage their application security posture across the complete developer environment, today announced a strategic reseller partnership with GuidePoint Security , the leading cybersecurity solution provider that empowers organizations to make smarter decisions and minimize risk.
  • GuidePoint Security's expertise and services, paired with Legit's platform, will enable joint customers to help strengthen their application security posture without slowing the innovation critical to their bottom line.
  • "As risks associated with software development and delivery increase, organizations need a consistent means of managing application security programs across both development and security," said Aaron Cote, Chief Revenue Officer at Legit.
  • Legit's platform enables security teams, including CISOs, product security leaders, and security architects, to gain comprehensive visibility into risks across the development pipeline from the infrastructure to the application layer.

Qmulos Appointed to Carahsoft’s Software License Supply Arrangement (SLSA) for IT Procurement Within Canadian Government

Retrieved on: 
Tuesday, March 19, 2024
Automation, Government, Public, Risk management, Face, ISV, Trust (social science), SLSA, Partnership, Software, Commercial, Carahsoft, Splunk, COTS, Public service, Collection, Federal

Carahsoft will work to offer additional contracts to support new Public Sector customers in Canada and expand the availability of Qmulos solutions.

Key Points: 
  • Carahsoft will work to offer additional contracts to support new Public Sector customers in Canada and expand the availability of Qmulos solutions.
  • “We are excited to work with Carahsoft to expand our reach within the Canadian Government through this SLSA,” said Matt Coose, Founder and CEO of Qmulos.
  • “There is a continuous need to strengthen the Government’s cybersecurity posture in the face of increasingly frequent and sophisticated threats.
  • For more information, contact the Qmulos team at Carahsoft at (855) 377-5865 or [email protected] ; or explore the different cybersecurity frameworks Qmulos offers solutions for here .

SUSE Strengthens Container Management Portfolio to Help Platform Engineering Teams Manage at Scale, Support AI/ML Workloads

Retrieved on: 
Tuesday, March 19, 2024
OS, Arm, Automation, Certification, Organization, GPU, Red Hat Enterprise Linux, Platform as a service, Harvester, G5, Linux, SLSA, Knowledge, IDC, AI, X86, SBOM, VM, NVIDIA GPU, Graphics processing unit, DevOps, API, Version 2.0, NVIDIA, Engineering, Mobile phone

"At SUSE, our commercial and open source users are equally important," said Peter Smails, general manager of the SUSE Enterprise Container Management business unit.

Key Points: 
  • "At SUSE, our commercial and open source users are equally important," said Peter Smails, general manager of the SUSE Enterprise Container Management business unit.
  • New capabilities in Rancher Prime 3.0 help platform engineering teams deliver self-service Platform-as-a-Service (PaaS) to their developer communities, and enhanced support for AI workloads.
  • SUSE is also introducing Rancher Enterprise, a single package and price for the entire portfolio of Rancher Prime including multi-cluster management, OS management, VM management, persistent storage, and SUSE's certified Linux OS, SUSE Linux Enterprise Micro.
  • SUSE continues to invest in open source innovation across its entire cloud native portfolio to support its large community of users.

SUSE Strengthens Container Management Portfolio to Help Platform Engineering Teams Manage at Scale, Support AI/ML Workloads

Retrieved on: 
Tuesday, March 19, 2024
OS, Arm, Automation, Certification, Organization, GPU, Red Hat Enterprise Linux, Platform as a service, Harvester, G5, Linux, SLSA, Knowledge, IDC, AI, X86, SBOM, VM, NVIDIA GPU, Graphics processing unit, DevOps, API, Version 2.0, NVIDIA, Engineering, Mobile phone

"At SUSE, our commercial and open source users are equally important," said Peter Smails, general manager of the SUSE Enterprise Container Management business unit.

Key Points: 
  • "At SUSE, our commercial and open source users are equally important," said Peter Smails, general manager of the SUSE Enterprise Container Management business unit.
  • New capabilities in Rancher Prime 3.0 help platform engineering teams deliver self-service Platform-as-a-Service (PaaS) to their developer communities, and enhanced support for AI workloads.
  • SUSE is also introducing Rancher Enterprise, a single package and price for the entire portfolio of Rancher Prime including multi-cluster management, OS management, VM management, persistent storage, and SUSE's certified Linux OS, SUSE Linux Enterprise Micro.
  • SUSE continues to invest in open source innovation across its entire cloud native portfolio to support its large community of users.

Carahsoft Named A Veritas Public Sector Distributor in Canada

Retrieved on: 
Tuesday, February 6, 2024
Federal, Veritas Technologies, Software, Government agency, Carahsoft, Public, SLSA, Environment, Government, Trust (social science), Public service, Trust, Public sector

RESTON, Va., Feb. 06, 2024 (GLOBE NEWSWIRE) -- Carahsoft Technology Corp. , The Trusted Government IT Solutions Provider®, today announced that Veritas Technologies , the leader in secure multi-cloud data management, has named Carahsoft a Public Sector Distributor for Veritas in Canada.

Key Points: 
  • RESTON, Va., Feb. 06, 2024 (GLOBE NEWSWIRE) -- Carahsoft Technology Corp. , The Trusted Government IT Solutions Provider®, today announced that Veritas Technologies , the leader in secure multi-cloud data management, has named Carahsoft a Public Sector Distributor for Veritas in Canada.
  • Our expanded relationship broadens access to the Veritas portfolio to Canada, meeting the growing demand for proven Public Sector data protection and cyber-resiliency solutions.”
    “We are delighted to grow our relationship by facilitating Veritas’ expansion into the Canadian Public Sector Market,” said Erin Foor, Veritas Team Director at Carahsoft.
  • Veritas’ solutions are available to the Canadian Public Sector through Carahsoft’s SLSA Contract EN578-232335 and the company’s reseller partners.
  • For more information, contact Carahsoft’s Veritas Canada team at (888) 662-2724 or [email protected] ; or visit the dedicated Veritas Canada resource center .

Palantir and Carahsoft Expand Partnership to Deliver Mission-Critical Software to the Canadian Public Sector

Retrieved on: 
Thursday, January 25, 2024
Carahsoft, AIP, State-owned enterprise, Partnership, Government agency, AI, Trust (social science), GC, Public, Public sector, Acquisition, PLTR, SLSA

OTTAWA, Ontario, and RESTON, Va., Jan. 25, 2024 (GLOBE NEWSWIRE) -- Palantir Technologies Canada Inc., a wholly owned subsidiary of Palantir Technologies Inc. (“Palantir,” NYSE: PLTR) and Carahsoft Canada , have partnered to expand and accelerate delivery of Palantir’s operating systems across the Canadian Public Sector.

Key Points: 
  • OTTAWA, Ontario, and RESTON, Va., Jan. 25, 2024 (GLOBE NEWSWIRE) -- Palantir Technologies Canada Inc., a wholly owned subsidiary of Palantir Technologies Inc. (“Palantir,” NYSE: PLTR) and Carahsoft Canada , have partnered to expand and accelerate delivery of Palantir’s operating systems across the Canadian Public Sector.
  • Building on the success of Palantir’s partnership with Carahsoft in the United States, Palantir has authorized Carahsoft, The Trusted Government IT Solutions Provider®, to be the sole distributor of the Palantir Platform under the Government of Canada’s (GC) Software Licensing Supply Arrangement (SLSA).
  • SLSA is the primary contracting vehicle used by GC departments, agencies, Crown Corporations and other authorized clients to procure enterprise software licenses.
  • Around the world, Palantir software powers mission-critical outcomes such as all-domain situational awareness, optimizing healthcare delivery, managing non-combatant evacuations, and combatting financial crime.

Apiiro Extends ASPM Platform with Supply Chain Visibility and Toxic Combination Detection

Retrieved on: 
Wednesday, December 6, 2023
Policy, ASPM, SLSA, Software, CIS, PII, SSCS, SCM, Application, Automation, Senior, Risk management

NEW YORK, Dec. 06, 2023 (GLOBE NEWSWIRE) -- Apiiro , a leading application security posture management (ASPM) solution, today announced the addition of integrated software supply chain security (SSCS) into its platform.

Key Points: 
  • NEW YORK, Dec. 06, 2023 (GLOBE NEWSWIRE) -- Apiiro , a leading application security posture management (ASPM) solution, today announced the addition of integrated software supply chain security (SSCS) into its platform.
  • Now, Apiiro’s ASPM is extended to natively provide source control manager (SCM) and CI/CD pipeline visibility, risk detection and assessment, and governance.
  • Apiiro’s ultra-connected and holistic approach to software supply chain security also uniquely enables the detection of chained risks—known as toxic combinations—across application and software supply chain components and unifies context across code, developer behavior, AppSec findings, and supply chain posture.
  • Toxic Combinations Detection: Connects supply chain security risks with other application security risks that, when combined, may present highly business-critical ‘toxic combinations’ that attackers seek out to gain unauthorized access to business-critical systems or sensitive data.

Cybersecurity Startup, Xeol, Raises $3.2M in Seed Round

Retrieved on: 
Tuesday, December 12, 2023
SHIELD, Symantec, Red Hat, Shihan, Traction, Platform, Multimedia, Red, SRE, SBOM, Capital, Y Combinator, Software, AI, SLSA, Datadog, Fortune 500, The Rev, Medical device, Mobile phone, Electricity

NEW YORK, Dec. 12, 2023 /PRNewswire/ -- Xeol, the New York City-based cybersecurity company, announced today that it raised $3.2 million in Seed funding led by Shield Capital with Y Combinator and 468 Capital also participating.

Key Points: 
  • Cyber attacks against private enterprises' software supply chains multiplied sevenfold over the past 3 years.
  • Software supply chains must be secured just as industrial supply chains are secured from components to assembly to delivery.
  • This is becoming even more pressing as open source software use and attack surfaces widen.
  • Benji was the first infrastructure and security engineer at AI unicorn Ada responsible for all things security, compliance, and infrastructure.