34.Key AbstractDigital

The Solarwinds security blunders have raised awareness of the importance of protecting software supply chains from unauthorized changes. Now, the Linux Foundation and partners have created a new free cryptographic software signing service to improve open-source program security.

A few months ago, if you'd asked someone what their biggest concern was about IT security, you would have received lots of different answers. Then Solarwinds catastrophically failed to secure its software supply chain, leading to what's been called IT's Pearl Harbor. So it is today that locking down your software supply chain has become job number one for all CSO and CISOs who take their jobs seriously. To answer this call for open source, the Linux Foundation, along with Red HatGoogle, and Purdue University have created the sigstore project