Software Supply Chain Security

2 years ago

The next big market opportunity in cybersecurity will be in cloud and app security. Excited to launch this deep dive into software supply chain (SSC) security in collaboration w/ @clintgibler! We provide a full breakdown of SSC security & risks. Here is a summary of the piece:
Software supply chain security can simply be defined as securing the software development process from beginning to end. Our report focuses on three key phases of the software supply chain. For each phase, we discuss what constitutes SSC risk and the processes for securing it.
Let's briefly go over each part: 1) Source 2) Build 3) Package / Deploy
1/ Source stage: This stage covers writing the actual code used to build an app. The report discusses source code review, managing access to code environments and IDE extensions, and source code management (SCM) systems.
2/ Build stage: This stage compiles and transforms the source code into a deployable form, typically executable files, and includes the CI/CD pipeline. We discuss risks from dependencies (malicious, transitive, and pipeline dependencies), the CI/CD pipeline itself, and containers.
3/ Package / Deploy stage: This stage bundles software components and dependencies into a deployable format and distributes it for installation on target systems. We discuss the Software Bill of Materials (SBOM), code provenance and signatures, and artifact repositories.
At each of these stages, attackers look for weaknesses that let them cause harm, either directly or indirectly through third-party software dependencies. 85% of enterprises leverage open-source. It's going nowhere, so CISOs are forced to find security solutions. Hence the buzz.
To learn more, see the full post. Our goal is that by the end of the piece you will:
- Develop an understanding of the core components of the software supply chain
- Understand why it's hot today for enterprises
- Know its risks and how to deploy SSC security
tldrsec.com/p/supply-chain-security-overview
There is a part 2 to this report (the spicy part!). In part 2, we discuss 12+ vendors in software supply chain security and analyze their approach to SSC. We cover the companies with unique solutions to this problem. Read Part 1 and sign up so you receive Part 2: tldrsec.com/subscribe
Francis

@InvestiAnalyst

Founder, Software Analyst Cyber Research | Tweets on Cybersecurity & AI/ML | Catholic. Distance Runner. | Ex Cyber Research | Ex AI PM.