How we’ll solve software supply chain security

Who owns software supply chain security? Developers? Or the platform and security engineering teams supporting them? In the past, the CIO, CISO, or CTO and their security team would decide which Linux distribution, operating system, and infrastructure platform the company would be getting its support contracts and security SLAs from. Today, developers do this all …

Software developers have a supply chain security problem

Log4j was the bucket of cold water that woke up most developers to their software supply chain security problem. We’ve spent decades in software building things and obsessing over our production environment. But we’re building on unpatched Jenkins boxes sitting under someone’s desk. We spend all this time protecting our runtimes, then deploy to them …

Securing Software Supply Chains on Kubernetes

Securing software supply chains remains a top priority for DevOps teams. In a prior post, we discussed the A MAP framework for Kubernetes supply chain security. In this post, we will discuss how supply chain security can be implemented using Nirmata Policy Manager and Venafi CodeSign Protect. With supply chain attacks on the rise, securing …