Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software professionals view these practices as useful or not? Easy or hard? To help answer these and related questions, Chainguard, the Eclipse Foundation, the Rust Foundation, and the Open Source Security Foundation (OpenSSF) partnered to field a software supply chain security survey.
Surveying Software Supply Chain Security