Software supply chain security is a threat area that was popularized by SolarWinds and Log4j. For the first time there was widespread awareness of how exploiting popular software artifacts (libraries, frameworks, etc.) can give attackers an entry point from which they can pivot to all sorts of mischief.
It has become the next buzzword in cybersecurity, sitting at its intersection with DevSecOps. As the latest evolution of the so-called “shift left” security trend, it is really about baking the concept of provenance (who created the software, who has touched it, and assurance that it has not been tampered with) into the build process, all the way up through production applications.
This article has been indexed from DZone Security Zone