Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software professionals view these practices as useful or not? Easy or hard? To help answer these and related questions, Chainguard, the Eclipse Foundation, the Rust Foundation, and the Open Source Security Foundation (OpenSSF) partnered to field a software supply chain security survey.