GitHub proposes to adopt Sigstore adoption to link npm packages
GitHub never ceases to make headlines with their different efforts to make collaborations across their hosting platform as easy as possible for users. In that regard, this week, they have proposed to add a new security mechanism to the npm package registry available to their millions of JavaScript and TypeScript developers.
In detail, the idea is to use the Sigstore service to sign npm packages to provide a verifiable link between a public npm package, the build infrastructure, and the source repository.
The Sigstore project was launched in March 2021 by a pool of companies – Google, Red Hat, VMware, and managed by the Linux Foundation.
It helps with the installation of most open source software by removing the need for managing signing keys by issuing short term keys based on OpenID Connect (OIDC) identities, while also recording the actions in an immutable ledger called rekor.
At the moment, though, Sigstore is not done yet and is still in its experimental phase. There are also concerns about Sigstore’s reliance on third-party platforms like Microsoft, Google, and GitHub, that it may result in a loss of privacy which may not suit private npm packages.
Irrespective, GitHub is making relentless efforts to improve the npm packages security level.
Google adds Workspace client-side encryption to Meet
Google also takes the top spot this week as it announced that it has added Workspace Client-side encryption to Meet, ensuring that customers get the highest degree of protection and increased control over their data.
This new security feature will first be available on the web, while the support for meeting rooms and mobile devices will be introduced later.
The client-side encryption seeks to give users direct control of their encryption keys and the identity service that they choose to authenticate for those keys. This also guarantees that Google cannot access audio and video content under any circumstances, while helping their customers meet regulatory compliance in many regions.
According to Google, bringing the Client-side encryption to Meet is another significant milestone in Google Workspace’s industry-leading encryption work, offering the users the highest degree of protection and control over their data.
Slack openly admits to accidentally exposing hashed passwords
Office communication platform, Slack, has openly admitted to accidentally exposing the hashed passwords of some users.
According to a Wired report, Slack’s vulnerability in this regard has cryptographically exposed scrambled versions of some users’ passwords, and this has been as long as five years, specifically from April 17, 2017 to July 17, 2022.
This, as a matter of fact, has impacted everyone that has either created or revoked a shared invite link to join a particular workspace in the last five years. However, Slack’s security advisory has confirmed that the underlying bug has been fixed and that investigations have begun into the potential impact of this issue. In the meantime, Slack recommends customers to enable two-factor authentication.
Mailchimp leads the email direct marketing service key players in recent times
The most recent report of the Email Direct Marketing Service Market shows a detailed outlook of the market, specifically the factors that are crucial for navigating the market, the current key players in that area and the growth prospects of these players.
In this report, Mailchimp leads the assessment pole in the various aspects which include technological innovations, market risks, competitive landscape, and other aspects of the email service market.
The email direct marketing market is booming globally with MailChimp being a top player and has a high prospect of remaining a top player in the next 6 years. Other top players include SendinBlue, Constant Contact
You can check the rest of the report here.
Quick Tip:  Want to know more about Mailchimp, then check our complete review of the software. |
Xero collaborates with Looka on a new referral partnership scheme
Looka Inc. is a leading AI-powered design platform that has newly collaborated with Xero, a global small business platform, to deliver accounting solutions for businesses through their Partner Marketplace – a curated list of best-fit partners designed to maximize business services for small business owners globally.
With this new Marketplace Program, it’s now possible for Looka users to take control of their finances with the latest referral partnership with Xero.
This collaboration makes a significant value-add for Looka’s customers who are looking to take control of their finances in one location so small business owners can confidentially understand their financial data.
Adobe reveals collaboration with Apple on film, Luck
Last week, Apple TV+ premiered its first ever feature-length animation film, Luck, which was done in partnership with Skydance Animation. However, what the public doesn’t quickly realize is that the leading software development platform, Adobe has an important part to play in the Apple Original Film too.
This week, not only did Adobe reveal the behind-the-scenes of film development, they also released the stories of the “visionary women” who worked on the animation.
The video shows how these artists use the Adobe software and Apple products like Macs and iPads during the process of creating the animations.
FreshBooks secures $100m in syndicated debt facility
This week, the accounting software platform FreshBooks, announced that they have secured $100m in a syndicated debt facility from BMO Financial Group and JP Morgan. The facility also includes an uncommitted accordion feature of $25m, for a total borrowing capacity of up to $125m.
This debt facility will enable FreshBooks to continue its rapid global expansion plans, including strategic acquisitions and investment into more regulated markets. The company offers cloud-based accounting software that simplifies invoicing, expenses, payments, payroll, and financial reporting.
The FinTech company previously raised $80.75m in its Series E funding round, which closed in August 2021.
| Pro Tip: Is FreshBook the right software for you? Decide it after finding details about its features, pricing, usability, and many more in our FreshBook review. |
Anaconda announces strategic partnership with Oracle
Lastly, for this week, Anaconda Inc., provider of one of the world’s most popular data science platforms, announced a collaboration with Oracle Cloud Infrastructure to offer secure open-source Python and R tools and packages by embedding and enabling Anaconda’s repository across OCI Artificial Intelligence and Machine Learning Services.
With this partnership, customers can now have access to Anaconda services directly from within OCI without a separate enterprise license.
Together, the two platforms are looking forward to bringing open-source innovation to the enterprise, helping apply ML and AI to the most important business and research initiatives.