RSA Conference just published an article that I've written on the 5 steps for securing your software supply chain. Most modern applications are assembled from open source components, with developers typically writing less than 15% of the code for their application. As the demand for open source software grows, the number of available open source components is also increasing. However, not all open source components are created equally or maintained properly. As a result, we are seeing an increase in software supply chain attacks. That increase is on average around 742% per year!

The 5 steps are:

1. Having a software bill of materials or SBOM so you understand your organisation’s exposure when vulnerabilities are discovered.
2. Performing due diligence and scanning for vulnerabilities.
3. Having a centralised artifact repository so that only approved software is used.
4. Keeping your software up to date so that you’re not using stale components.
5. Running a Web Application Firewall, or WAF, so that you can deploy mitigating controls and give the development team additional time to remediate.
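As an added example of step 1 (not code from the article or the podcast): a small Python check that reads CycloneDX JSON SBOMs for two constructed applications and reports which ones are exposed to a constructed list of advisories, so the exposure question can be answered from the SBOMs alone. The application names, SBOM contents, advisory identifiers and the "affected if below the first fixed version" rule are all assumptions.

```python
import json

# Constructed sample: one minimal CycloneDX 1.4 JSON SBOM per application.
SBOMS = {
    "billing-api": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "name": "lodash", "version": "4.17.15", "purl": "pkg:npm/lodash@4.17.15"},
            {"type": "library", "name": "express", "version": "4.18.2", "purl": "pkg:npm/express@4.18.2"},
        ]}),
    "reporting-ui": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "name": "lodash", "version": "4.17.21", "purl": "pkg:npm/lodash@4.17.21"},
            {"type": "library", "name": "express", "version": "4.18.2", "purl": "pkg:npm/express@4.18.2"},
        ]}),
}

# Constructed advisory list (placeholder ids, not real advisories).
# Assumed rule: a component is affected when its version is below "fixed_in".
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "ecosystem": "npm", "name": "lodash", "fixed_in": "4.17.21"},
    {"id": "EXAMPLE-ADV-002", "ecosystem": "npm", "name": "express", "fixed_in": "4.19.0"},
]

def parse_version(v):
    # Assumes plain dotted numeric versions (no pre-release or build tags).
    return tuple(int(part) for part in v.split("."))

def components(sbom_json):
    """Yield (ecosystem, name, version) for each component in a CycloneDX JSON SBOM."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX SBOM")
    for c in bom.get("components", []):
        # purl looks like "pkg:npm/lodash@4.17.15"; the ecosystem is the segment after "pkg:".
        ecosystem = c["purl"].split(":", 1)[1].split("/", 1)[0]
        yield ecosystem, c["name"], c["version"]

def exposure(sboms, advisories):
    """Return {advisory_id: [(application, package, version), ...]} for every affected component."""
    hits = {}
    for app, sbom_json in sboms.items():
        for eco, name, version in components(sbom_json):
            for adv in advisories:
                if (adv["ecosystem"] == eco and adv["name"] == name
                        and parse_version(version) < parse_version(adv["fixed_in"])):
                    hits.setdefault(adv["id"], []).append((app, name, version))
    return hits

if __name__ == "__main__":
    for adv_id, affected in exposure(SBOMS, ADVISORIES).items():
        print(adv_id, affected)
```

Running the block lists each advisory with the applications and component versions it touches; the same loop can be pointed at the SBOMs produced by your build pipeline instead of the constructed ones.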

This segment was created for the It's 5:05 podcast.