Open-source security: Google has a new plan to stop software supply chain attacks

To tackle the growing threat of attacks on the software supply chain, Google has proposed the Supply chain Levels for Software Artifacts framework, or SLSA, which is pronounced "salsa". Can Google's 'salsa' make life harder for supply chain attackers? Comment below - we want to hear what you think!

Sophisticated attackers have figured out that the software supply chain is the soft underbelly of the software industry. Beyond the game-changing SolarWinds hack, Google points to the recent Codecov supply chain attack, which stung cybersecurity firm Rapid7 via a tainted Bash uploader.

While supply chain attacks aren't new, Google notes they've escalated in the past year, shifting the focus away from exploits for known or zero-day software vulnerabilities.
