Published: Mar 29, 2022

Assess: Worth exploring with the goal of understanding how it will affect your enterprise.

As software continues to grow in complexity, the threat vector of software dependencies becomes increasingly challenging to guard against. The recent Log4J vulnerability showed how difficult it can be even to know what those dependencies are: many companies that didn't use Log4J directly were unknowingly vulnerable simply because other software in their ecosystem relied on it. Supply-chain Levels for Software Artifacts, or SLSA (pronounced "salsa"), is a consortium-curated set of guidance for organizations to protect against supply chain attacks, evolved from internal guidance Google has been using for years. We appreciate that SLSA doesn't promise a "silver bullet," tools-only approach to securing the supply chain but instead provides a checklist of concrete threats and practices along a maturity model. The threat model is easy to follow, with real-world examples of attacks, and the requirements help organizations prioritize actions based on levels of increasing robustness to improve their supply chain security posture. We think SLSA provides applicable advice and look forward to more organizations learning from it.
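The Log4J point above, that a project can be exposed through a library it never chose directly, is a graph problem: the application's full exposure is the transitive closure of its dependency graph, not its manifest. The script below is an added illustration, not part of the Technology Radar text or the SLSA project, and it uses a constructed dependency graph with illustrative package names (only `log4j-core` is a real artifact name) rather than any real project's manifest. It walks the graph to list every chain through which the application reaches a given package, which is the inventory a team needs before it can assess or patch.

```python
from collections import deque

# Constructed sample dependency graph (not a real project's manifest):
# each key is a package, each value the packages it declares as dependencies.
# "my-service" is the application; its own list holds its *direct* dependencies.
SAMPLE_GRAPH = {
    "my-service": ["web-framework", "json-lib"],
    "web-framework": ["logging-facade", "http-client"],
    "logging-facade": ["log4j-core"],  # the indirect route to log4j-core
    "http-client": ["json-lib"],
    "json-lib": [],
    "log4j-core": [],
}


def transitive_dependencies(graph, root):
    """Return the set of every package reachable from `root`, direct or not."""
    seen = set()
    stack = [root]
    while stack:
        node = stack.pop()
        for dep in graph.get(node, []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def find_paths(graph, root, target):
    """Return every dependency chain from `root` to `target`, shortest first.

    Each chain is a list such as ["my-service", "web-framework", ..., target].
    A chain of length 2 means `target` is a direct dependency; anything longer
    is the transitive case that manifest-only review misses.
    """
    paths = []
    queue = deque([[root]])
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node == target:
            paths.append(path)
            continue
        for dep in graph.get(node, []):
            if dep in path:  # ignore cycles in malformed graphs
                continue
            queue.append(path + [dep])
    return paths


def exposure_report(graph, root, target):
    """Summarise how `root` is exposed to `target`: not at all, directly, or only
    through other packages. Returns (status, chains)."""
    chains = find_paths(graph, root, target)
    if not chains:
        return "not exposed", chains
    if any(len(c) == 2 for c in chains):
        return "direct", chains
    return "transitive only", chains


if __name__ == "__main__":
    status, chains = exposure_report(SAMPLE_GRAPH, "my-service", "log4j-core")
    print(f"my-service -> log4j-core: {status}")
    for chain in chains:
        print("  " + " -> ".join(chain))
```

Run against the sample graph, the report shows `my-service` is exposed to `log4j-core` only transitively, via `web-framework` and `logging-facade`; a reviewer looking at `my-service`'s own dependency list would never see it. The same walk, fed from a real lockfile or SBOM, is the first step toward the dependency visibility that SLSA's higher levels assume.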


From Technology Radar Volume 26