

The Road to Zero CVEs: People and Technology – Andrew Martin, Control Plane & Michael Lieberman, Kusari

Open source software is critical to the digital landscape but remains vulnerable to supply chain attacks. This risk has drawn unparalleled scrutiny, and as international governments enact legislation focused on supply chain security, we developers and maintainers must decipher what these bodies mean by a “supply chain attack.” We analyse the current state of supply chain security and legislation to illuminate a path forward, harmonizing legislative trends and cybersecurity advancements to fortify our open source ecosystems. We explore:

– Compromises inherent in supply chain resilience practices
– Emerging open source tooling to bolster our defences, like Sigstore, in-toto, and GUAC
– CVE management approaches to ensure production-safe environments
– Incrementally adopting new patterns and practices like SLSA and S2C2F
– Collaboratively enacting a more secure, resilient future for our supply chains


by The Linux Foundation
