New Ebook: A Blueprint for Supply Chain Security

Today’s software is composed of a combination of open source code, in-house code, and third-party code, and managing it has elevated application risk from design and build through production. With more points of vulnerability in today’s software supply chain, the number of attacks has grown exponentially.
In fact, one-fifth of breaches that occurred between March of 2021 and 2022 were caused by a supply chain compromise that resulted from a business partner, such as a supplier, according to a study from the Ponemon Institute and IBM.
As bad actors use more sophisticated methods to exploit code, it is anticipated that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021, according to Gartner.
In this ebook, B. Cameron Gain, a longtime contributor to The New Stack, provides a glimpse into the threat landscape of containerized applications and offers a blueprint for software supply chain security. He outlines the areas organizations need to protect as they build, change and deploy applications, with a best practice checklist to cover all stages of the software lifecycle.
“A Blueprint for Supply Chain Security” provides valuable insight into:
- What software supply chain security is.
- Why the traditional approach of “patching” applications doesn’t work for containerized applications.
- How guarding against human error decreases exploitation of the software supply chain.
- Software bills of materials (SBOMs), supply-chain levels for software artifacts (SLSA) and other best practices.
- How a “shift left” strategy can secure the software supply chain, even before a developer begins their work.
Thank you to our sponsor, Red Hat Advanced Cluster Security for Kubernetes, for making this ebook possible.