Software Supply Chain Security

Almost all the products developed in the recent times have some open source libraries. This has opened up a new class of attacks targeting developers and software suppliers - Supply Chain Attacks. Everyone is impacted, including large companies as evident from Solarwinds, Log4j and several NPM related incidents.

Software Supply Chain Security, is the right way to address these emerging class of attacks. Platform Engineering should provide the guard rails for developers as default and protect everyone in the software value chain.

Security is always moving target. Constant education, updated threat monitoring, secure and sensible defaults, guard rails for developers and citizen developers are the key to reducing the risk to manageable levels.

Kisai as a platform provides some of the tools (e.g. npm private registries with whitelisting and version pinning, global blacklisting of packages and versions, signature verification, static code analysis tools) and “secure defaults” approach to configuration to prevent most supply chain attacks.