Aqua Security and CIS release first formal guidelines for software supply chain security



Today, cloud native security provider Aqua Security and the Center for Internet Security (CIS) released the first formal guidelines for software supply chain security. The new CIS Software Supply Chain Security Guide gives enterprises more than 100 foundational recommendations for hardening the supply chain against threat actors.

The guidelines break the software supply chain down into five key areas: Source Code, Build Pipelines, Dependencies, Artifacts and Deployment.

By codifying guidelines for each category, Aqua Security and CIS aim to establish industry-wide best practices and recommendations for mitigating open source software risks, and to support new standards including Supply-chain Levels for Software Artifacts (SLSA) and The Update Framework (TUF). 

Aqua Security also announced today the launch of a new open source tool, Chain-Bench, which enterprises can use to audit their supply chain against the CIS guidelines.

Bringing supply chain security to all  

The release comes as part of a wider movement to secure the open source supply chain, in the wake of the disruption caused by Log4Shell since its discovery in November of last year. 

In hindsight, the widespread exposure caused by that single vulnerability brought concerns over the reliability of open source software to the forefront.
