To tackle the rise in software supply chain attacks, Google has proposed the Supply chain Levels for Software Artifacts (SLSA) framework. With advanced technology at their disposal, sophisticated attackers have come to recognize that the software supply chain is the underbelly of the software industry.
Besides the SolarWinds hack, which changed the way enterprises look at the role of cybersecurity, Google highlights the Codecov supply chain attack, which affected the cybersecurity firm Rapid7 via a tainted Bash uploader. Even though supply chain attacks aren’t new, Google stated that they’ve escalated in the past few years and shifted the focus towards zero-day software vulnerabilities.
To read more: ZDNet