Aggregator

What Role Do AI Secrets Play in Ensuring Cloud Security? Where digital threats loom larger than ever, how do organizations navigate complex cloud security? The answer lies in effectively managing AI secrets. This approach ensures that machine identities, an often overlooked aspect of cybersecurity, are adequately protected. Unveiling Non-Human Identities (NHIs) The cornerstone of modern […]

The post How do AI secrets ensure cloud security? appeared first on Entro.

The post How do AI secrets ensure cloud security? appeared first on Security Boulevard.

Are Non-Human Identities the Missing Link in Cybersecurity AI Reliability? Cybersecurity is an evolving field, constantly adapting to new threats and vulnerabilities. But have you considered how Non-Human Identities (NHIs) are shaping cybersecurity, especially regarding AI reliability? NHIs, essentially machine identities, are critical components in creating a secure cloud environment, providing oversight to CISOs and […]

The post What makes AI in cybersecurity reliable? appeared first on Entro.

The post What makes AI in cybersecurity reliable? appeared first on Security Boulevard.

How Do Non-Human Identities Revolutionize Cloud Security? What are Non-Human Identities (NHIs), and why do they hold the key to revolutionizing cloud security for organizations across various industries? Understanding Non-Human Identities and Their Importance Safeguarding sensitive data requires more than just securing human user accounts. Enter Non-Human Identities (NHIs), which are vital components of cybersecurity. […]

The post Why invest in advanced NHIs management? appeared first on Entro.

The post Why invest in advanced NHIs management? appeared first on Security Boulevard.

Is Your Organization Ready to Scale NHIs Safely and Efficiently? Scaling Non-Human Identities (NHIs) is a complex endeavor, particularly in dynamic industries such as financial services, healthcare, and technology-driven sectors that rely heavily on cloud computing. Where NHIs serve as the backbone for automation, the question becomes: how can organizations use NHI management to achieve […]

The post How to scale NHIs safely and efficiently? appeared first on Entro.

The post How to scale NHIs safely and efficiently? appeared first on Security Boulevard.

New capability gives enterprises verified, policy-based control over AI agents and automated traffic

The post Kasada Launches AI Agent Trust to Secure Agentic Commerce appeared first on Security Boulevard.

The lawsuit comes a day after a TSA official vigorously defended the practice as critical to “national security” in testimony to Congress. 

The post Watchdog group sues for TSA data sharing agreement with ICE  appeared first on CyberScoop.

Ianis Antropenko, a Russian national living in California, admitted to committing ransomware attacks against at least 50 victims. He faces up to 25 years in jail.

The post Leader of ransomware crew pleads guilty to four-year crime spree appeared first on CyberScoop.

You must login to view this content

Session 9D: Github + OSN Security

Authors, Creators & Presenters: Aditya Sirish A Yelgundhalli (New York University), Patrick Zielinski (New York University), Reza Curtmola (New Jersey Institute of Technology), Justin Cappos (New York University)

PAPER
Rethinking Trust In Forge-Based Git Security

Git is the most popular version control system today, with Git forges such as GitHub, GitLab, and Bitbucket used to add functionality. Significantly, these forges are used to enforce security controls. However, due to the lack of an open protocol for ensuring a repository's integrity, forges cannot prove themselves to be trustworthy, and have to carry the responsibility of being non-verifiable trusted third parties in modern software supply chains. In this paper, we present gittuf, a system that decentralizes Git security and enables every user to contribute to collectively enforcing the repository's security. First, gittuf enables distributing of policy declaration and management responsibilities among more parties such that no single user is trusted entirely or unilaterally. Second, gittuf decentralizes the tracking of repository activity, ensuring that a single entity cannot manipulate repository events. Third, gittuf decentralizes policy enforcement by enabling all developers to independently verify the policy, eliminating the single point of trust placed in the forge as the only arbiter for whether a change in the repository is authorized. Thus, gittuf can provide strong security guarantees in the event of a compromise of the centralized forge, the underlying infrastructure, or a subset of privileged developers trusted to set policy. gittuf also implements policy features that can protect against unauthorized changes to branches and tags i.e., pushes as well as files/folders i.e., commits. Our analysis of gittuf shows that its properties and policy features provide protections against previously seen version control system attacks. In addition, our evaluation of gittuf shows it is viable even for large repositories with a high volume of activity such as those of Git and Kubernetes (less than 4% storage overhead and under 0.59s of time to verify each push).

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – Rethinking Trust In Forge-Based Git Security appeared first on Security Boulevard.