Google dishes out homemade SLSA, a recipe to thwart software supply-chain attacks

Google has proposed a framework called SLSA for dealing with supply chain attacks, a security risk exemplified by the recent compromise of the SolarWinds Orion IT monitoring platform.


SLSA – short for Supply chain Levels for Software Artifacts and pronounced "salsa" for those inclined to add convenience vowels – aspires to provide security guidance and programmatic assurance to help defend the software build and deployment process.


"The goal of SLSA is to improve the state of the industry, particularly open source, to defend against the most pressing integrity threats," said Kim Lewandowski, Google product manager, and Mark Lodato, Google software engineer, in a blog post on Wednesday. "With SLSA, consumers can make informed choices about the security posture of the software they cons ..

Support the originator by clicking the read the rest link below.