
In Scorecard we trust

Submitted by Style Pass, 2023-01-26 02:00:18

How to strengthen your software supply chain security, improve best practices, and build trust in your projects.

Naveen Srinivasan & Brian Russell // Software Supply Chain Security, Endor Labs & Product Manager, Google, OpenSSF

The ReadME Project amplifies the voices of the open source community: the maintainers, developers, and teams whose contributions move the world forward every day.

Most of us probably spend more time reading restaurant reviews than we spend evaluating the security of a new open source dependency. Yet the stakes riding on our codebases are so much higher than a bad meal. Software supply chain attacks have seen a 742% annual increase as attackers compromise widely used dependencies upstream, so that a single intrusion propagates to every project that depends on them and multiplies the impact of the attack.

Open source consumers need knowledge about the projects they rely on to help protect their own projects from the next big supply chain attack. Are the dependencies you bring into your project safe? What is happening under the surface in the projects you depend on?
