About the Author

Luke Hinds

CTO

Luke Hinds is the CTO of Stacklok. He is the creator of the open source project sigstore, which makes it easier for developers to sign and verify software artifacts. Prior to Stacklok, Luke was a distinguished engineer at Red Hat.

More posts by this author (12)

Capturing the productivity gains of AI coding assistants without sacrificing control of privacy

Luke Hinds /

Dec 17, 2024

AI Security

Open Source Security

Stacklok has contributed Minder to the OpenSSF out of a deep belief in the power of the open source community

Luke Hinds /

Oct 28, 2024

Community

Minder

Cross-platform RAT deployed by weaponized 'requests' clone

Luke Hinds / Poppaea McDermott /

Aug 30, 2024

Threat Analysis

Introducing the Frizbee GitHub Action: Automatically pin actions and container images to digests

Radoslav Dimitrov / Luke Hinds /

Jun 20, 2024

CI/CD security

Python typosquatting attack targets popular open source PyPI library with 30M weekly downloads

Luis Juncal / Luke Hinds /

Jun 6, 2024

Threat Analysis

Announcing the Proof-of-Diligence (PoD) algorithm: A method of modeling trust and maintainability in open source ecosystems

Luke Hinds / Pankaj Telang /

Apr 17, 2024

Trusty

An analysis of an obfuscated JavaScript malware package

Luke Hinds / Edward Thomson /

Mar 27, 2024

Threat Analysis

CVEs: The emperor's old clothes

Luke Hinds /

Feb 21, 2024

Open Source Security

What is software provenance, or proof of origin?

Luke Hinds /

Jan 5, 2024

Supply Chain Security 101

Privacy Policy Terms of Service

Main Menu

Home About Careers Contact

Products

Stacklok Insight Minder

Resources

All Resources Blog Videos Documentation

Contact Us

hello@stacklok.com

Solutions

Company

Community

Resources

For Developers

Vet the supply chain risk of open source packages

For Open Source Communities

Secure your software supply chain

For Developers

Vet the supply chain risk of open source packages

For Open Source Communities

Secure your software supply chain

About the Author

Luke Hinds

More posts by this author (12)

Capturing the productivity gains of AI coding assistants without sacrificing control of privacy

Stacklok has contributed Minder to the OpenSSF out of a deep belief in the power of the open source community

Cross-platform RAT deployed by weaponized 'requests' clone

Introducing the Frizbee GitHub Action: Automatically pin actions and container images to digests

Python typosquatting attack targets popular open source PyPI library with 30M weekly downloads

Announcing the Proof-of-Diligence (PoD) algorithm: A method of modeling trust and maintainability in open source ecosystems

An analysis of an obfuscated JavaScript malware package

CVEs: The emperor's old clothes

What is software provenance, or proof of origin?

Newsletter

Stay in the loop