Skip to main content

Surveying Software Supply Chain Security

Chainguard, the co-creator of Sigstore, has conducted a survey to better understand if and how software supply best practices

are utilized by the industry. We take a look at the findings.

With the title, SLSA++ A Survey of Software Supply Chain Security, it was actually run by a consortium comprising  Chainguard, the Eclipse Foundation, the Rust Foundation and the OpenSSF. Suffice to say that these resounding names put some weight behind it.

It tried to address the following questions: 

  • Is everyone doing software supply chain security, or is everyone just talking about software supply chain security?
  • Do software professionals actually think different software supply chain practices are helpful, easy or difficult? 
full article :
Labels:

Comments

Post a Comment

Popular posts from this blog

RAG from Scratch

  The "RAG from Scratch" tutorial by Langchain coupled with the "RAG playground" are two great educational resources that will help you kickstart your journey with RAG. https://www.i-programmer.info/news/105-artificial-intelligence/17676-rag-from-scratch.html
Post a Comment
Read more

Greenplum's Cloudberry Fork Enters Apache Incubator

  Cloudberry is the open source equivalent of Greenplum. Now it is fostered by the Apache Foundation as it acquires incubating status. It all began about six months ago. Greenplum's Github repositories was archived and went dark. This meant no more free new releases or security and bug fixes for its users. Why? Because in May 2024, Tanzu made the decision to close-source the project. https://www.i-programmer.info/news/84-database/17694-greenplums-cloudberry-fork-enters-apache-incubator-.html
Post a Comment
Read more