The Kusari Edge
December 2024
ICYMI: Noteworthy Headlines 🗞️
- Due to the growing threat of Salt Typhoon, a China-linked group targeting telecom networks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued new security guidance
- Google has successfully retrofitted spatial memory safety onto C++, showing it is possible to improve legacy codebase security without sacrificing performance
- Russia’s BlueAlpha APT has been exploiting Cloudflare tunnels to bypass security measures, targeting cloud infrastructure in their attacks
- As part of the Python community’s work to improve supply chain security in the Python ecosystem, the PyPI repository now supports attestations
What’s up with GUAC? 🥑
- GUAC welcomed a new contributor and published a bugfix release in November; read the December 2024 update to learn more
- Did you know that three KubeCon Salt Lake City keynotes noted GUAC as a key project? Aside from mentioning us, these talks are coffee break worthy, featuring great speakers worth watching:
Latest from Kusari
- Amid the flurry of innovation and collaboration at KubeCon, it’s clear that securing open source is no longer just a technical issue — it’s a responsibility we all share
- Dark Reading agrees: Open Source Incidents Aren’t Going Away, so it’s important to invest in soft and hard skills to secure open source software
- Rust is a game-changer for memory safety, but rewriting all legacy code isn’t feasible; learn how improved tools and strategic migration can help
Upcoming Events 📣
- Calling maintainers! Apply for the GitHub Secure Open Source Fund by January 7. There's $1.25 million + education, mentoring and more available
- Enjoy the holiday season; see you in 2025! 🎉
Resource of the Month ⚒️
- The Linux Foundation unveiled its Census III study of free and open source software, in partnership with OpenSSF and the Laboratory for Innovation Science at Harvard