The software supply chain has emerged as a prime target for cyberattacks in recent years, as evidenced by major incidents like SolarWinds and Log4Shell. To understand how IT teams can get ahead of supply chain threats, I spoke with two founders of Chainguard – Ville Aikas and Kim Lewandowski, at BlackHat 2023. While at Google, Aikas, and Lewandowski were co-creators of two really popular open-source technologies (Sigstore and SLSA, aka “Salsa”).
Supply chain attacks have driven home the risks of third-party software dependencies. But as Chainguard's founders explained, solutions like Sigstore and the SLSA framework are bringing discipline to securing code provenance and integrity.