00:36 — Chainguard, along with the Eclipse Foundation, the Rust Foundation, and the Open Source Security Foundation, has partnered on a software supply chain security survey. The questions were primarily derived from the security requirements of the Supply-chain Levels for Software Artifacts (SLSA) supply chain integrity framework, version 0.1.
01:05 — The survey had 170 respondents from a wide range of organizations, both large and small, and all respondents hold security-focused roles. There were three key findings.
01:23 — First, some software supply chain practices are already widely adopted. For example, over half of the respondents always use a centralized build service.
01:45 — Second, most practices in software supply chain security are considered helpful. There is surprisingly little variation in their perceived level of helpfulness. For each practice cited in the survey, at least 50% of respondents labeled the practice either extremely helpful or very helpful.
02:07 — Third, some SLSA practices are considered substantially more difficult, including hermetic builds and reproducible builds; over 50% of respondents said these are extremely difficult or very difficult. The survey is an important resource for understanding which practices are working best.