Software Supply Chain Security in the SDLC: Design Phase

In the wake of high-profile incidents such as Log4Shell, the Codecov Bash Uploader compromise, and the SolarWinds Orion compromise, software supply chain security has moved to the forefront of industry concern. These incidents have driven real advances in tooling aimed at fortifying supply chains. Yet, despite this progress, some critical areas remain under-addressed, often because they require a holistic, integrated approach rather than standalone solutions. Discussions about software supply chain security still tend to center on SBOMs, dependency management, and open-source risk...

August 30, 2024 · 8 min · 1523 words

Software Supply Chain Security: A Holistic Approach to People, Processes, and Technology in a Secure SDLC

Introduction

In today's interconnected digital landscape, the concept of the software supply chain extends far beyond third-party libraries and open-source components. It encompasses the people, processes, and technologies that collectively contribute to the development and deployment of modern systems and applications. This includes not only external dependencies but also the interactions between the various teams within an organisation (developers, testers, security, and operations) and the systems they use, such as Continuous Integration/Continuous Deployment (CI/CD) pipelines and cloud services...

May 31, 2024 · 15 min · 3084 words