Software Supply Chain Security: A Holistic Approach to People, Processes, and Technology in a Secure SDLC
Introduction In today’s interconnected digital landscape, the concept of the software supply chain extends far beyond third-party libraries and open-source components. It encompasses the people, processes, and technologies that collectively contribute to the development and deployment of modern systems and applications. This includes not only external dependencies but also the intricate interactions between various teams within an organisation — developers, testers, security and operations — and the systems they use, such as Continuous Integration/Continuous Deployment (CI/CD) pipelines and cloud services....