Chainguard, the co-creator of Sigstore, has conducted a survey to better understand whether and how software supply chain best practices are used by the industry. We take a look at the findings.
Titled "SLSA++ A Survey of Software Supply Chain Security", the survey was actually run by a consortium comprising Chainguard, the Eclipse Foundation, the Rust Foundation and the OpenSSF. Suffice it to say that these well-known names put some weight behind it.
It tried to address the following questions:
- Is everyone doing software supply chain security, or is everyone just talking about software supply chain security?
- Do software professionals actually think different software supply chain practices are helpful, easy or difficult?