Latest news with #SLSA

Associated Press
14-05-2025
- Associated Press
Introducing Chainguard Libraries for Python: Malware-Resistant Dependencies Built Entirely from Source
New Python language libraries with end-to-end integrity help organizations build software safer and more efficiently

KIRKLAND, Wash., May 14, 2025 /PRNewswire/ -- Chainguard, the secure foundation for software development and deployment, today announced Chainguard Libraries for Python, an index of malware-resistant Python dependencies built securely from source on SLSA L2 infrastructure. By securely building every library and all of its dependencies from source, Chainguard Libraries for Python provides application security teams with confidence that malware has not been inserted during the build and distribution of libraries in the Python ecosystem, closing a significant gap in the threat landscape. To start, Chainguard has built nearly 10,000 of the most popular projects and will continuously grow its inventory of Python libraries to become the safe source for all open source.

The growing threat of malware in the Python ecosystem

Today, more than half of the world's developers rely on Python, a programming language that has become the foundation of modern AI and machine learning applications. As the popularity of Python has surged, so has the frequency and severity of supply chain attacks against the ecosystem. Notable malware attacks against popular Python packages like Ultralytics and PyTorch TorchTriton have shaken the community and demonstrated the risk of relying on traditional mechanisms (e.g., public registries like PyPI) for language library consumption. These public registries do minimal vetting of hosted artifacts, and they do not provide assurance that the distributed library matches its source code, exposing enterprises to supply chain attacks.

Additionally, Python libraries are susceptible to supply chain attacks because many projects include more than just pure Python code — project maintainers often rebundle shared system libraries into their Python libraries to ensure stable behavior. This practice of rebundling OS dependencies into Python libraries obscures the components from security scanners, meaning the vulnerabilities they introduce to production environments go unnoticed and pose a serious risk for enterprise security.

With Chainguard Libraries for Python, Chainguard delivers malware protection for one of the most critical and vulnerable parts of the supply chain — the language dependencies that developers rely on to build and deploy applications. Up to now, application security teams have had no comprehensive solution for mitigating malware without disrupting their developers' workflows and productivity. This left enterprises susceptible to the risks of malicious code that could waste resources, steal application secrets, break production systems, or even leak customer data. Chainguard Libraries for Python integrates with existing artifact managers to empower application security teams to close this massive security hole while meeting developers how they work.

'Chainguard is rebuilding every component for a given library — Python, Java, or otherwise — from source so organizations can mitigate malware, have clear visibility into what exactly is in their software, and eliminate the risk of hidden supply chain vulnerabilities,' said Kim Lewandowski, Co-founder and Chief Product Officer, Chainguard. 'We're providing a secure, trusted source of Python libraries that allows enterprises to remove friction and add security without asking developers to change how they build and deploy software.'

Mitigating malware attacks across Python dependencies

Following the recent launch of Chainguard Libraries for Java, Chainguard is building every dependency for every Python library from source, combating malware injection at the build and distribution links of the open source supply chain. This reduces risk from supply chain threat vectors like compromised build processes, release pipelines, and distribution points. Isolating and rebuilding the shared system dependencies required by Python libraries allows Chainguard to eliminate an additional hidden attack vector stemming from bundled software components.

Chainguard Libraries for Python furthers the company's mission to be the safe source for open source and gives customers greater confidence to ship products more efficiently and securely. Chainguard now helps organizations secure even more of the modern development stack, starting with the OS and runtime environment with minimal, zero-CVE containers and virtual machines, and up to the application layer with language libraries for Python and Java.

'At Paylocity, application security is core to the modern HR, payroll and spend management software we're building,' said Joe Christian, Senior Engineering Manager, Application Security, Paylocity. 'Chainguard already helps us reduce our attack surface while giving our teams confidence in what they're shipping. We see promise in Chainguard Libraries for Python to ensure developers can build securely from the very first line of code.'

'MAN Energy Solutions enables its customers to achieve sustainable value creation in the transition towards a carbon neutral future. As a global provider of large-scale industrial machinery and energy solutions, software supply chain security is a top priority,' Carsten Skov, Senior DevOps Engineer, MAN Energy Solutions. 'Chainguard Containers have already helped us ensure that our containerized analytics workloads are built and run securely by default. Now, we're excited about the potential of Chainguard Libraries for Python to further strengthen our software supply chain by mitigating the risks posed by unverified dependencies and malware in the Python ecosystem. Securing these workloads plays a key role in ensuring that the MAN-CEON Digital Ecosystem continues to meet the requirements of ISO/IEC 27001:2022 and ABS Cyber Safety Certification.'

Chainguard Libraries for Python is now available in early access. For more information, visit

About Chainguard

Chainguard is the secure foundation for software development and deployment. By providing guarded open source software with Chainguard Containers, VMs, and Libraries, built from source and updated continuously, Chainguard helps organizations eliminate threats in their software supply chains. Its customers include Fortune 500 enterprises and global industry leaders, including Anduril, ANZ Bank, Canva, Hewlett Packard Enterprise, MAN Energy Solutions, Snap Inc., and Snowflake. Chainguard is venture-backed by leading investors, including Amplify, IVP, Kleiner Perkins, Lightspeed Venture Partners, Mantis VC, Redpoint Ventures, Sequoia Capital, and Spark Capital. For more information, visit:

SOURCE Chainguard


Asharq Al-Awsat
20-04-2025
- Climate
- Asharq Al-Awsat
Six Drowning Deaths as Huge Waves Hit Australian Coast
A fisherman died after being swept off rocks near Sydney on Sunday, stretching the Easter weekend death toll of drownings to six as huge waves battered Australia's east coast. Emergency services winched two people from the surf at Wattamolla Beach, but one of them couldn't be revived, New South Wales Police said in a statement. The pair had been fishing when swept off rocks on the outskirts of southern Sydney. The second person, a 14-year-old boy, was in a stable condition in hospital. It continued a run of fatalities over the holiday weekend, with the search ongoing for two other people still missing in the surf since Friday -- one off Sydney and one off Melbourne. Surf Life Saving Australia (SLSA) issued a warning on Thursday that strong swells would create hazardous surf conditions along the coasts of New South Wales and Victoria. Three people drowned on Friday in New South Wales, while a woman died and a man went missing after they were swept into the sea near Melbourne. On Saturday, when swells were as high as 3.5 meters (11.5 feet) in some places, a fisherman was swept to his death off rocks in southern New South Wales. SLSA had released data before the weekend showing 630 people had died at beaches without an active lifesaving service over the last 10 years. Chief executive Adam Weir advised patrolled beaches should be prioritized for safety. "We know that Aussies and visitors to our country like to go off the beaten track to enjoy camping, fishing and other coastal activities," Weir said in a statement. "But these coastal locations can present dangers, some that you can see and some that you can't, which is why we have some simple advice: Stop, Look, Stay Alive."


South China Morning Post
20-04-2025
- Climate
- South China Morning Post
Drowning tally at 6 as huge waves hit Australia's east coast
A fisherman died after being swept off rocks near Sydney on Sunday, stretching the Easter weekend death toll of drownings to six as huge waves battered Australia's east coast. Emergency services winched two people from the surf at Wattamolla Beach, but one of them could not be revived, New South Wales Police said in a statement. The pair had been fishing when swept off rocks on the outskirts of southern Sydney. The second person, a 14-year-old boy, was in a stable condition in hospital. It continued a run of fatalities over the holiday weekend, with the search ongoing for two other people still missing in the surf since Friday – one off Sydney and one off Melbourne. Surf Life Saving Australia (SLSA) issued a warning on Thursday that strong swells would create hazardous surf conditions along the coasts of New South Wales and Victoria.
Yahoo
20-04-2025
- Climate
- Yahoo
Six drowning deaths as huge waves hit Australian coast
A fisherman died after being swept off rocks near Sydney on Sunday, stretching the Easter weekend death toll of drownings to six as huge waves battered Australia's east coast. Emergency services winched two people from the surf at Wattamolla Beach, but one of them couldn't be revived, New South Wales Police said in a statement. The pair had been fishing when swept off rocks on the outskirts of southern Sydney. The second person, a 14-year-old boy, was in a stable condition in hospital. It continued a run of fatalities over the holiday weekend, with the search ongoing for two other people still missing in the surf since Friday -- one off Sydney and one off Melbourne. Surf Life Saving Australia (SLSA) issued a warning on Thursday that strong swells would create hazardous surf conditions along the coasts of New South Wales and Victoria. Three people drowned on Friday in New South Wales, while a woman died and a man went missing after they were swept into the sea near Melbourne. On Saturday, when swells were as high as 3.5 metres (11.5 feet) in some places, a fisherman was swept to his death off rocks in southern New South Wales. SLSA had released data before the weekend showing 630 people had died at beaches without an active lifesaving service over the last 10 years. Chief executive Adam Weir advised patrolled beaches should be prioritised for safety. "We know that Aussies and visitors to our country like to go off the beaten track to enjoy camping, fishing and other coastal activities," Weir said in a statement. "But these coastal locations can present dangers, some that you can see and some that you can't, which is why we have some simple advice: Stop, Look, Stay Alive."