Google Spices Up Supply Chain Security with SLSA Framework


Google has proposed a new framework to mitigate the growing risks posed by attacks on the software supply chain.

The Supply Chain Levels for Software Artifacts (SLSA, pronounced “salsa”) is designed to ensure the integrity of software artifacts across the entire supply chain.

It’s based on Google’s own Binary Authorization for Borg framework, which the tech giant has been using as standard for all its production workloads for over eight years.

“The goal of SLSA is to improve the state of the industry, particularly open source, to defend against the most pressing integrity threats,” Google explained. “With SLSA, consumers can make informed choices about the security posture of the software they consume.”

A typical software supply chain features multiple weak points and dependencies where attackers could strike — from the source repository and control platforms to the build and package phases.

The SolarWinds attackers, who managed to compromise nine US government agencies, did so by compromising the build platform and installing an implant that injected malicious behavior during each build, for example.

In another recent supply chain attack affecting US firm Codecov, attackers used leaked credentials to upload a malicious artifact that was not built by the company’s CI/CD system. Users unwittingly downloaded this directly from its Google Cloud Storage bucket.
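As an added illustration (not taken from the article or from Google's SLSA specification), the kind of consumer-side check SLSA is meant to enable: the build system emits a provenance statement bound to the artifact's digest, and the consumer refuses anything not covered by authentic provenance, which is exactly what the Codecov-style upload above would fail. The builder name and key are constructed, and an HMAC over the statement stands in for the real signature a build system would produce.

```python
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed values for this example only; a real builder would sign, not MAC.
BUILDER_KEY = b"example-build-system-key"
TRUSTED_BUILDER = "ci.example.com/builder"  # hypothetical builder identity


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_and_attest(source: bytes) -> Tuple[bytes, dict]:
    """Simulated CI build: produce an artifact plus provenance bound to its digest."""
    artifact = b"compiled:" + source
    statement = {"builder": TRUSTED_BUILDER, "artifact_sha256": sha256_hex(artifact)}
    body = json.dumps(statement, sort_keys=True).encode()
    mac = hmac.new(BUILDER_KEY, body, hashlib.sha256).hexdigest()
    return artifact, {"statement": statement, "mac": mac}


def verify_artifact(artifact: bytes, provenance: Optional[dict]) -> Tuple[bool, str]:
    """Consumer-side check: accept only artifacts covered by authentic provenance
    from the trusted builder. Note this cannot catch a compromised builder that
    attests to its own malicious output (the SolarWinds case); it catches
    artifacts that bypassed the build system entirely (the Codecov case)."""
    if provenance is None:
        return False, "no provenance: artifact was not produced by the build system"
    body = json.dumps(provenance["statement"], sort_keys=True).encode()
    expected = hmac.new(BUILDER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, provenance["mac"]):
        return False, "provenance tampered or not issued by the builder"
    if provenance["statement"]["builder"] != TRUSTED_BUILDER:
        return False, "provenance issued by an untrusted builder"
    if provenance["statement"]["artifact_sha256"] != sha256_hex(artifact):
        return False, "artifact digest does not match provenance (swapped artifact)"
    return True, "ok"


def scenarios() -> dict:
    """Three download scenarios: genuine CI output, a malicious artifact uploaded
    with stolen storage credentials and no provenance, and a malicious artifact
    presented alongside a genuine but unrelated provenance statement."""
    artifact, prov = build_and_attest(b"uploader.sh v1")
    rogue = b"compiled:uploader.sh v1 + credential exfil"  # constructed
    return {
        "legitimate": verify_artifact(artifact, prov)[0],
        "no_provenance": verify_artifact(rogue, None)[0],
        "swapped_artifact": verify_artifact(rogue, prov)[0],
    }
```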

SLSA would have help ..
