Beyond the Invisible Safety Net: Scaling Security Without Slowing Down

Author: Kris Coleman

a document being scanned for compliance, representing the automation of compliance tools

a document being scanned for compliance, representing the automation of compliance tools

Latest posts

Blog

Check out our latest blog posts.

Beyond the Invisible Safety Net: Scaling Security Without Slowing Down

Beyond the Invisible Safety Net: Scaling Security Without Slowing Down

Beyond the Invisible Safety Net: Scaling Security Without Slowing Down

Kris Coleman2/14/2025

Compliance, Left Shifted - A letter to Developers

Compliance, Left Shifted - A letter to Developers

Compliance, Left Shifted - A letter to Developers

Cole Kennedy11/5/2024

The CrowdStrike software 'update' heard around the world

The CrowdStrike software 'update' heard around the world

The CrowdStrike software 'update' heard around the world

Cole Kennedy7/19/2024

Cloud Unfiltered with Cole Kennedy - Attestation is the Key

Cloud Unfiltered with Cole Kennedy - Attestation is the Key

Cloud Unfiltered with Cole Kennedy - Attestation is the Key

Cole Kennedy6/13/2024

Our Role in Protobom, An Open Source Software Supply Chain Tool

Our Role in Protobom, An Open Source Software Supply Chain Tool

Our Role in Protobom, An Open Source Software Supply Chain Tool

Cole Kennedy5/22/2024

JUDGE is now a living, breathing, mutating Product

JUDGE is now a living, breathing, mutating Product

JUDGE is now a living, breathing, mutating Product

Kris Coleman5/17/2024

Announcing JUDGE in AWS Marketplace

Announcing JUDGE in AWS Marketplace

Announcing JUDGE in AWS Marketplace

Mikhail Swift5/6/2024

Announcing the Witness GitLab Component

Announcing the Witness GitLab Component

Announcing the Witness GitLab Component

Mikhail Swift4/11/2024

GitLab Support Now Available in JUDGE!

GitLab Support Now Available in JUDGE!

GitLab Support Now Available in JUDGE!

Kris Coleman2/22/2024

DevSecOps: Moving from Implicit Trust to Explicit Proof

DevSecOps: Moving from Implicit Trust to Explicit Proof

DevSecOps: Moving from Implicit Trust to Explicit Proof

Cole Kennedy1/31/2024

Witness and Archivista Donated to In-Toto

Witness and Archivista Donated to In-Toto

Witness and Archivista Donated to In-Toto

Mikhail Swift1/29/2024

SSDF Attestation- CEO and COO Responsibilities

SSDF Attestation- CEO and COO Responsibilities

SSDF Attestation- CEO and COO Responsibilities

Cole Kennedy11/20/2023

Securing Our Vision: The $6.4M Seed Funding Milestone

Securing Our Vision: The $6.4M Seed Funding Milestone

Securing Our Vision: The $6.4M Seed Funding Milestone

Cole Kennedy11/8/2023

Go Generics in Witness

Go Generics in Witness

Go Generics in Witness

Mikhail Swift10/18/2023

Culture at TestifySec: Grounded in Trust, Nurtured by Empathy

Culture at TestifySec: Grounded in Trust, Nurtured by Empathy

Culture at TestifySec: Grounded in Trust, Nurtured by Empathy

Cole Kennedy9/27/2023

Revolutionizing Agile Workflows - How GitHub Projects Empower Open Source Development

Revolutionizing Agile Workflows - How GitHub Projects Empower Open Source Development

Revolutionizing Agile Workflows - How GitHub Projects Empower Open Source Development

Kris Coleman7/26/2023

Why I Joined TestifySec

Tanner Jones7/17/2023

The Future of Cybersecurity Management and Corporate Governance

The Future of Cybersecurity Management and Corporate Governance

The Future of Cybersecurity Management and Corporate Governance

Cole Kennedy7/13/2023

Creating an Ergonomic Workstation - Prioritizing Your Well-being at TestifySec

Creating an Ergonomic Workstation - Prioritizing Your Well-being at TestifySec

Creating an Ergonomic Workstation - Prioritizing Your Well-being at TestifySec

Kris Coleman6/30/2023

in-toto Security Audit Response

in-toto Security Audit Response

in-toto Security Audit Response

Cole Kennedy6/14/2023

TestifySec Witness and Archivista: Supply Chain Security and SSDF Compliance for Federal Market

TestifySec Witness and Archivista: Supply Chain Security and SSDF Compliance for Federal Market

TestifySec Witness and Archivista: Supply Chain Security and SSDF Compliance for Federal Market

Cole Kennedy4/12/2023

An attestation based approach to Software Risk Managment

An attestation based approach to Software Risk Managment

An attestation based approach to Software Risk Managment

Cole Kennedy3/14/2023

Building an Effective Enterprise Software Supply Chain Policy

Building an Effective Enterprise Software Supply Chain Policy

Building an Effective Enterprise Software Supply Chain Policy

Cole Kennedy3/9/2023

Keyless Signing With Witness and SigStore

Keyless Signing With Witness and SigStore

Keyless Signing With Witness and SigStore

Cole Kennedy1/20/2023

Generating and Verifying Attestations With Witness

Generating and Verifying Attestations With Witness

Generating and Verifying Attestations With Witness

Cole Kennedy12/9/2022

Secure Your Software Supply Chain with Archivista

Secure Your Software Supply Chain with Archivista

Secure Your Software Supply Chain with Archivista

Cole Kennedy12/5/2022

Comparing in-toto and Sigstore: Two Approaches to Software Supply Chain Security

Comparing in-toto and Sigstore: Two Approaches to Software Supply Chain Security

Comparing in-toto and Sigstore: Two Approaches to Software Supply Chain Security

Cole Kennedy12/2/2022

Introducing Archivist

Introducing Archivist

Introducing Archivist

Mikhail Swift10/24/2022

TestifySec Recruits Chris Hughes as Advisor

Cole Kennedy5/19/2022

Frederick Kautz Joins TestifySec as Senior VP of Engineering

Cole Kennedy4/27/2022

EO 14028 and Supply Chain Security - Turtles All the Way Down

EO 14028 and Supply Chain Security - Turtles All the Way Down

EO 14028 and Supply Chain Security - Turtles All the Way Down

Cole Kennedy4/14/2022

Automating Compliance - Why the SBOM Falls Short

Automating Compliance - Why the SBOM Falls Short

Automating Compliance - Why the SBOM Falls Short

Cole Kennedy3/14/2022

Zero Trust in the Supply Chain

Zero Trust in the Supply Chain

Zero Trust in the Supply Chain

Cole Kennedy2/21/2022

The OMB Tells America - The Zero Trust Clock is Ticking

The OMB Tells America - The Zero Trust Clock is Ticking

The OMB Tells America - The Zero Trust Clock is Ticking

Cole Kennedy1/31/2022

Supply Chain Attack Typology - How Bad Actors Corrupt and Exploit

Supply Chain Attack Typology - How Bad Actors Corrupt and Exploit

Supply Chain Attack Typology - How Bad Actors Corrupt and Exploit

Cole Kennedy1/31/2022

Zero Trust - an architecture, a product or a mindset?

Zero Trust - an architecture, a product or a mindset?

Zero Trust - an architecture, a product or a mindset?

Cole Kennedy1/26/2022

What Is The SSDF - And What Does It Mean For My Software Supply Chain Compliance?

What Is The SSDF - And What Does It Mean For My Software Supply Chain Compliance?

What Is The SSDF - And What Does It Mean For My Software Supply Chain Compliance?

Cole Kennedy11/16/2021

The Software Supply Chain - A History of Security Failure

The Software Supply Chain - A History of Security Failure

The Software Supply Chain - A History of Security Failure

Cole Kennedy11/5/2021

Introduction to TestifySec

Introduction to TestifySec

Introduction to TestifySec

Cole Kennedy10/6/2021

What is a supply chain attestation

What is a supply chain attestation

What is a supply chain attestation

Cole Kennedy9/7/2021