Mihai Maruseac
mihai.page
Mihai Maruseac
@mihai.page
Supply chain security @ Google OSS Security Team. Previously TensorFlow Security & OSS (@ Google); Haskell+differential privacy+ML @ LeapYear.
For now. Give it a few days
November 6, 2025 at 5:58 AM
And last, but not least, OpenSSF will soon launch a new @linuxfoundation.org course, LFEL1012, on using AI coding assistants. Stay tuned!
September 18, 2025 at 1:50 PM
Next, we have a Tech Talk next Wednesday, about a secure ML lifecycle. See more details at openssf.org/resources/te...
Tech Talk: Securing the AI Lifecycle: Trust, Transparency & Tooling in Open Source – Open Source Security Foundation
openssf.org
September 18, 2025 at 1:50 PM
First, the openssf.org/blog/2025/09... is exceptional guidance on using AI for writing code securely.
New OpenSSF Guidance on AI Code Assistant Instructions – Open Source Security Foundation
openssf.org
September 18, 2025 at 1:50 PM
I'd start with keras.io/examples/str... in this case and see how to apply to the current scenario
Keras documentation: Structured Data
keras.io
September 6, 2025 at 1:58 PM
Do you have labeled examples? Is the input the same shape always? Text or image?

I'd probably reach out to keras/jax first, Keras has tutorials for the basic models, Francois also has a book
September 6, 2025 at 1:17 PM
Sorry, just saw this now. I think I saw an email on this sissy in an internal list but I'll try to raise a flag when I get back
August 15, 2025 at 9:56 AM
There is SLSA source track (SLSA.dev) that looks at the chain of trust from git commits. Slightly tangential to our discussion
Supply-chain Levels for Software Artifacts
SLSA is a security framework. It is a check-list of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure in your projects, businesses or enterprises. ...
SLSA.dev
July 28, 2025 at 8:53 PM
Nearly so! Initial goal is to prevent tampering of the model itself (think insider risk, either on the model hub or between training and upload). But then we realized that integrity by itself is not enough, we actually also need to tie to producer identity.

See also trusted publishing on PyPI, etc.
July 28, 2025 at 8:35 PM