Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software professionals view these practices as useful or not? Easy or hard? To help answer these and related questions, Chainguard, the Eclipse Foundation, the Rust Foundation, and the Open Source Security Foundation (OpenSSF) partnered to field a software supply chain security survey.