 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
VALENCIA, Spain — Unless you’ve been hiding out under a rock, you know securing the software supply chain has become security’s job number one. From SolarWinds, Codecov, and Kaseya, to name but a few, the last few years were bad ones for software supply chain security. As a result, there have been many documents and frameworks laying out the best practices for securing the supply chain.
There was only one little problem: How do you take all these policy suggestions and turn them into a plan for concrete action. The cloud native security company Jetstack has an answer: The Jetstack software supply chain toolkit.
This web-based interactive program takes the recommendations from the following seminal software supply chain security documents:
And turns them into actionable suggestions.
Specifically, it breaks these down into four key areas: Build pipelines, source code, provenance, and deployment. It then takes these recommendations and adds insights on priority and complexity along with links to the original open source toolsets that can help with that specific recommendation.
Does that sound too simple for you? That this is something you could do yourself? Well, yes you could? But when are you going to do it? Are you security-savvy enough to do it right? Are you sure?
As Steve Judd, Jetstack’s senior solutions architect and the toolkit developer said, “Solving these challenges requires going through a whole range of controls that go well beyond a software bill of materials (SBOMs), which is just one of the 54 recommendations.” Jetstack is doing the cloud native community a world of good by offering this service.
As Jetstack CTO and founder, Matt Barker told me at KubeCon Europe, “It lets you take these recommendations and make them actionable. It also prioritizes them by which ones should take the higher priority with the lowest effort to fix.”
“With this,” Barker continued, “you can get started on securing your supply chain. You can get on the ladder. It takes a huge effort to really secure your software supply chain but with this, you can do something today.”
He’s right. You can. And the sooner you get started on it, the better. Just ask Solarwinds if you doubt this.
