Modern software development practices make securing the software supply chain more important than ever. Our code has dependencies on open source libraries which have dependencies on other libraries and so on—a chain of code that we didn’t develop, didn’t compile, and have little or no idea where it came from.
Some of that code is almost ubiquitous. The Log4Shell exploit that caused havoc across the industry was from an exploit resulting from an old bug in a common Java logging component, log4j. We’re building an industry that stands not on the shoulders of giants, but on the shoulders of a handful of application and component maintainers who keep our global infrastructure working in their spare time and out of the goodness of their hearts.
InfoWorld Cloud ComputingRead More