The topic of supply chain security is becoming increasingly important in software development. In recent years, the attacks have become very sophisticated, partly fragmented, and highly specialized. Therefore, it is not always easy to identify such attacks, let alone recognize an attack that has just been carried out. The SLSA project from the Linux Foundation, in collaboration with several well-known companies and organizations, has taken up the cause of developing industry-standard specifications to protect against this potential threat.

In addition to educating and making this knowledge available to as many people as possible, this project notes its own limitations and what consequences that entails for typical software development operations.

Leave with a better understanding of supply chain attacks and how you might use SLSA levels to harden your security one step at a time.