Best practices for securing the software supply chain

In the wake of several highly publicized supply chain attacks, regulatory and media focus is shifting toward third-party software risk. The Department of Defense's Cybersecurity Maturity Model Certification (CMMC), released on January 31st, 2020, was the first attempt at a supply chain security compliance mandate. Only a few months later, threat actors gained access to the build environment at SolarWinds and inserted a backdoor directly into a signed Orion software update that was then shipped to customers. Because the malicious code rode inside a legitimately built and signed release, this build-pipeline compromise turned the vendor's own update channel into the delivery vehicle, compromising customers who installed the update, including US Federal agencies. In response to the growing threat of supply chain attacks, Executive Order 14028 on Improving the Nation's Cybersecurity (May 2021) established the Software Bill of Materials (SBOM) requirement for software sold to the Federal government. Whether for financial or political gain, threat actors are focusing on supply chain attacks, and software developers can substantially reduce that risk by securing their DevOps pipeline.

#cybersecurity #devops

How to Secure DevOps to Prevent Supply Chain Attacks