Ecosystem Security
Enhancing trust for SGX enclaves
By Artur Cygan
Creating reproducible builds for SGX enclaves used in privacy-oriented deployments is a difficult task that lacks a convenient and robust solution. We propose using Nix to achieve reproducible and ...
Celebrating our 2023 open-source contributions
At Trail of Bits, we pride ourselves on making our best tools open source, such as Slither, PolyTracker, and RPC Investigator. But while this post is about open source, it’s not about ...
Internet freedom with the Open Technology Fund
By Spencer Michaels, William Woodruff, Jeff Braswell, and Cliff Smith
Trail of Bits cares about internet freedom, and one of our most valued partners in pursuit of that goal is the Open ...
Adding build provenance to Homebrew
By William Woodruff
This is a joint post with Alpha-Omega—read their announcement post as well! We’re starting a new project in collaboration with Alpha-Omega and OpenSSF to improve the transparency and security ...

Trusted publishing: a new benchmark for packaging security
Read the official announcement on the PyPI blog as well! For the past year, we’ve worked with the Python Package Index to add a new, more secure authentication method called “trusted publishing.” ...