Bob Callaway

I am really excited that NVIDIA model hub is the first model hub that has adopted the model signing project. NVIDIA has collaborated significantly on the project and is a major reason for the standardization of the signature format (OMS).

I was pleasantly surprised to see model signing presented in the first 5 slides of the conference. And then the A2A talk raised the stakes: we need to sign the agent cards. My thesis: we can do the same with the same model signing solution

Excellent post on how confidential computing is being used with the https://t.co/Ue7ObfJrVY witness ecosystem. https://t.co/2LpYnhhrhv

Yesterday we launch v1.0 of model signing library, taming the wild west of model formats and deserialization vulnerabilities. You can read more about why this is needed and why we picked Sigstore as main signing method at https://t.co/SFdmRLgAH3

The vote for in-toto's graduation is live on https://t.co/x1ohdvWl93! Show your support with a 👍!

OSV-Scanner has just released the first beta for V2, a major update that includes significant new features, including layer-aware container scanning, remediation for pom.xml, new HTML output and more. https://t.co/kkPK2KHBTk Please try it out and give us feedback!

https://t.co/MJrSrcgXqC Awesome blog on how we’re using SLSA to make GKE more secure for our customers!

Happy new year! OSV had a lot of great progress in 2024, from new ecosystem adoption, API improvements, and scanner feature development! We just published a blog about these and our 2025 plans here: https://t.co/7vRkoPHZfO !

New blog post about OSS-Fuzz AI-powered fuzzing is live! We talk about what went into making LLMs work well enough for this use case to find 26 new vulnerabilities (including a CVE in OpenSSL), as well as what else we have planned to make this better. https://t.co/ewCUmtRs6P

Join us at SigstoreCon: Supply Chain Day on Nov 12, co-located with KubeCon NA in SLC! Registration includes a day of engaging talks, lunch, and swag! https://t.co/9KOMMkiaoa