We Value Your Privacy

We use technology such as cookies on our website, and through our partners, to personalize content and ads, provide social media features, and analyse our traffic. To find out more, read our privacy policy and Cookie Policy. Please also see our Terms and Conditions of Use. By accepting these terms you agree to your information being processed by Inbox Insight, its Partners or future partners, that you are over 18, and may receive relevant communications through this website, phone, email and digital marketing. For more information on how we process your data, or to opt out, please read our privacy policy. Our policies and partners are subject to change so please check back regularly to stay up to date with our terms of use and processing.

Accept Terms Settings
x

Please Sign-In to Access this Report

To access other reports on the platform please sign in with your username and password, or register for a free account to get unlimited access and insight customized for you.

Report checkmarx-Don’t Take Code from Strangers - Supply Chain Security Whitepaper

Don’t Take Code from Strangers

Supply Chain Security Whitepaper

This white paper is designed to help organizations, management teams, security practitioners, and developers understand dependency integrities that exist within open source code packages and why they represent the weakest link within a software supply chain. It explores the relationship between the digital economy and open source software (OSS), with a focus on why open source code is a popular attack vector. It then introduces SLSA as a framework for supply chain integrity, discusses why traditional software composition analysis is insufficient when it comes to detecting code with malicious intent, and introduces a way forward to avoid taking malicious code from strangers.

Report Snap Shot

  • Code repository
  • Contributor reputation
  • Code behavior

Related Content