Aqua Security and CIS release first formal guidelines for software supply chain security

by | Jun 22, 2022 | Technology


Today, cloud native security provider Aqua Security and the Center for Internet Security (CIS) released the first-ever formal guidelines for software supply chain security. The new CIS Software Supply Chain Security Guide gives enterprises more than 100 foundational recommendations for securing the supply chain against threat actors.

The new guidelines break the software supply chain down into five key areas: Source Code, Build Pipelines, Dependencies, Artifacts and Deployment.

By codifying recommendations for each of these categories, Aqua Security and CIS aim to establish industry-wide best practices for mitigating open source software risks, and to complement emerging frameworks such as Supply-chain Levels for Software Artifacts (SLSA) and The Update Framework (TUF).

Aqua Security also announced today the launch of a new open source tool called Chain-Bench, which enterprises can use to audit their software supply chain against the recommendations in the CIS guide.

Bringing supply chain security to all

The release comes as part of a wider movement to secure the open source supply chain, in the wake of the disruption caused by Log4Shell since its discovery in November of last year. 

In hindsight, the breadth of exposure caused by that single vulnerability brought concerns over the reliability of open source software to the forefront.

Research now shows that 95% of IT leaders say Log4Shell was a wake-up call for cloud security, and 87% admit they feel less confident about their cloud security today than they did before the incident.

This industry-wide lack of confidence has driven organizations, proprietary software vendors and open source projects to collaborate on identifying and mitigating the security issues present in open source solutions.

One of the most notable collaborations in the industry occurred earlier this year at the Open Source Software Security Summit II when The Linux Foundation and th …
