Today we went public with some research work turned prototype, and soon to be available feature in the free Stacklok Trusty threat pipeline service. The last time I was honestly this excited about a project was after starting sigstore. It’s now the turn of others to feedback what they observe and summarise, so we are opening a private beta test cycle. We are seeking security researchers, developers, and OSPO folks to collaborate and tell us of their impressions, concerns or praise.
For more details have a read of my co-authored blog on stacklok; https://stacklok.com/blog/announcing-the-proof-of-diligence-pod-algorithm-a-new-approach-to-evaluating-open-source-safety-and-sustainability
