Formal verification in the era of AI https://open.substack.com/pub/opencybersecuritytrends/p/formal-verification-in-the-era-of
Principal Product Security Engineer
Picard management tip: A captain's primary role is to inspire the crew's desire to complete their mission.
🛡️ #gittuf brings supply chain security to the source itself - applying portable, policy-based attestations directly to Git repositories. From two-party reviews to test enforcement, gittuf makes GitOps & repo-driven workflows more trustworthy by default.
🎥 Watch the Project Spotlight: https://youtu.be/bQ-GHyHJcbc?si=SeuGgB9HtemmMzIO
The PyCon US 2026 Call for Proposals is open for just a couple more days, and you (yes, you!) have something to talk about! You can find info and details about proposing Talks, Charlas, Tutorials, and Posters at https://us.pycon.org/2026/speaking/guidelines/.
Have you gotten your proposals in yet?
Picard management tip: Once all their basic needs are taken care of, crew members are motivated by the meaningfulness of their work.
So I heard you like #SBOM, so I put SBOM into the #Python wheels in #Fedora RPMs, so when you unwheel the wheels, you get the SBOM.
If your Python virtual environment was created on Fedora, your #security scanner can recognize #CVE fixes in patched pip (or setuptools) within.
The question, however, is: What to do with this now :D
https://developers.redhat.com/articles/2025/12/15/how-reduce-false-positives-security-scans
Anyway, security scanner people, please reach out.
Zero trust applied to agentic AI https://opencybersecuritytrends.substack.com/p/zero-trust-applied-to-agentic-ai
Something that’s been bothering me for years in the security world: why do researchers demand bug bounties for vulnerabilities in open source projects, when the very contributors maintaining and fixing those issues get nothing, just goodwill?
It feels deeply unfair. The burden falls on unpaid maintainers, yet bounty hunters get rewarded. If you want a paid bounty, maybe help fund the people who actually fix the mess too.
Good morning! Motivation, discipline and effort 🥰
Via manu_garabatos
#educación #education #educar #buenosdías #educació #mestres #maestros
A game jam "made in València", free and with a lot of philosophy. For everyone. 🕹️
#LliureJam26 kicks off in about 2 months, and it will come with several workshops, talks and a lot of partying!! 😍
https://gnulinuxvalencia.org/lliurejam26-presentacio/
#LliureJam #SoftwareLibre #LibreSoftware #FOSS #FLOSS #GameJam #GameDev #València #ProgramariLliure
Harden your AI systems: Applying industry standards in the real world https://www.redhat.com/en/blog/harden-your-ai-systems-applying-industry-standards-real-world
@frankenrol Thank you!
🚨The #CfP for #DevConf_CZ 2026 is officially open!
Are you passionate about #opensource? This is your chance to share your idea, project update, best practices, deployment or success story with the open source #community!
Get your submission in ➡️https://www.devconf.info/cz
@frankenrol I have played role-playing games a bit in the past: Dungeons and Dragons, Stormbringer and a few others. Is there a book that explains how to be a better DM?
🎁 GenAI x Sec Advent 15 - MCP Security
Nice discovery for today. A playground to practice MCP security. This repository contains 10 real Model Context Protocol security scenarios.
If you want to practice your AI security skills, this is a solid way to understand MCP security.
@raesene this is cool. Canary alerts, if well positioned, are much better alerts for a SIEM than the regular alerts companies usually have.
Picard sociology tip: Those who rise to power by embracing ignorance and fear will only make their people more ignorant and afraid.
For decades, RSS has been a workhorse that connects systems on the timely web and ensures that publishers can syndicate and grow their reach. Here's why it matters more than ever. https://werd.io/why-rss-matters/