Answering even basic questions about software supply chain security has been surprisingly hard. For instance, how widespread are the different practices associated with software supply chain security? And do software professionals view these practices as useful or not? Easy or hard? To help answer these and related questions, Chainguard, the Eclipse Foundation, the Rust Foundation, and the Open Source Security Foundation (OpenSSF) partnered to field a software supply chain security survey.