Duncan is an award-winning editor with more than 20 years of experience in journalism. Since starting his career in technology journalism as an editor of Arabian Computer News in Dubai, he has since edited a number of technology and digital marketing publications, including Computer Business Review, TechWeekEurope, Figaro Digital, Digit and Marketing Gazette.
Jetstack, a Venafi company specializing in cloud services, open source and strategic consulting services, announced the availability of an easy-to-use, interactive and comprehensive toolkit for securing modern software supply chains.
The visual, web-based resource is accessible to everyone and is designed to help organizations assess and plan the important steps they need to take to secure their software supply chain effectively. Software supply chain security is becoming an increasingly critical issue for all organizations. After the SolarWinds attack in late 2020, which affected more than 1,800 companies, attacks on the software supply chain increased by more than 300% in 2021.
Matthew Bates, Jetstack’s CTO, said: “Most organizations already understand the urgency and importance of improving the security of the software they consume and produce.
“The problem is that it is very difficult to identify and prioritize the changes that need to be made, while managing the competitive priorities of their communities for development and security. It is very difficult to figure out how to continuously improve development speed and reduce implementation time while improving control, visibility and security. Our toolkit helps development and security teams quickly figure out where to start by identifying the difficulty and impact of specific security checks.”
The Software Supply Chain toolkit brings together guidance from a number of frameworks and white papers, each of which provides comprehensive guidelines for software supply chain security, including:
● CNCF white paper “Best Practices in the Software Supply Chain”
● Linux Foundation SLSA (Supply-chain Levels for Software Artifacts)
● NIST guidance under Executive Order 14028 on improving the security of the software supply chain
● Venafi project for building secure software development pipelines
The interactive toolkit presents guidance from these frameworks broken down into four key areas: build pipelines, source code, provenance and deployment. The recommendations in each section include an assessment of priority and complexity, along with links to the open source tools that can help implement that particular recommendation.
Steve Judd, Jetstack Senior Solutions Architect and Toolkit Developer, said: “Attacks on the software supply chain target a range of vulnerabilities at various points in the software lifecycle.
“Addressing these challenges requires going through a whole range of controls that go beyond the Software Bill of Materials (SBOM), which is just one of 54 recommendations. Software Supply Chain is a new type of collaboration with the open source community designed to help the industry develop proactive and preventative solutions that are specifically designed for existing and emerging development processes.”
Jetstack unveils industry-first software supply chain security toolkit