Introducing SLSA, an End-to-End Framework for Supply Chain Integrity
Под конец рабочей недели еще один пост с материалами от Google. Компания представила фреймворк SLSA (Supply-chain Levels for Software Artifacts), в котором обобщён имеющийся опыт по защите инфраструктуры разработки от атак, осуществляемых на стадии написания кода, тестирования, сборки и распространения продукта. Фреймворк учитывает 8 видов атак, связанных с угрозами внесения вредоносных изменений на стадиях, указанных выше. Каждая атака описана существующим примером. Оригинал можно прочитать здесь.
Introducing SLSA, an End-to-End Framework for Supply Chain Integrity
Под конец рабочей недели еще один пост с материалами от Google. Компания представила фреймворк SLSA (Supply-chain Levels for Software Artifacts), в котором обобщён имеющийся опыт по защите инфраструктуры разработки от атак, осуществляемых на стадии написания кода, тестирования, сборки и распространения продукта. Фреймворк учитывает 8 видов атак, связанных с угрозами внесения вредоносных изменений на стадиях, указанных выше. Каждая атака описана существующим примером. Оригинал можно прочитать здесь.
In many cases, the content resembled that of the marketplaces found on the dark web, a group of hidden websites that are popular among hackers and accessed using specific anonymising software.“We have recently been witnessing a 100 per cent-plus rise in Telegram usage by cybercriminals,” said Tal Samra, cyber threat analyst at Cyberint.The rise in nefarious activity comes as users flocked to the encrypted chat app earlier this year after changes to the privacy policy of Facebook-owned rival WhatsApp prompted many to seek out alternatives.
Should You Buy Bitcoin?
In general, many financial experts support their clients’ desire to buy cryptocurrency, but they don’t recommend it unless clients express interest. “The biggest concern for us is if someone wants to invest in crypto and the investment they choose doesn’t do well, and then all of a sudden they can’t send their kids to college,” says Ian Harvey, a certified financial planner (CFP) in New York City. “Then it wasn’t worth the risk.” The speculative nature of cryptocurrency leads some planners to recommend it for clients’ “side” investments. “Some call it a Vegas account,” says Scott Hammel, a CFP in Dallas. “Let’s keep this away from our real long-term perspective, make sure it doesn’t become too large a portion of your portfolio.” In a very real sense, Bitcoin is like a single stock, and advisors wouldn’t recommend putting a sizable part of your portfolio into any one company. At most, planners suggest putting no more than 1% to 10% into Bitcoin if you’re passionate about it. “If it was one stock, you would never allocate any significant portion of your portfolio to it,” Hammel says.
