Software Supply Chain: Bigger (and Scarier) Than We Realize

Tanya Janca giving thumbs up, dressed in gardening gear.

When we talk about software supply chain security, most people think only of dependencies (open-source libraries and frameworks). But the supply chain is so much more than just that. It’s everything we use to build, test, and release our software: our IDE (and all those wonderful extensions), our CI/CD pipelines (including every script, config,…

The Difference Between SCA and Supply Chain Security

Giant boat, representing a supply chain

Right now, the concept of the software supply chain and securing it is quite trendy. After the SolarWinds breach, the attack on the crypto wallet, and the Log4j fiasco, the entire world appears to be focused on securing the software supply chain. I’m not complaining. If anything, as an application security nerd, I am quite pleased that…