Notable incidents such as SolarWinds and Log4j have placed a focus on software supply chain security. They have also sent security teams in search of tools to ensure the integrity of software from third parties. Software use is ubiquitous, with digital platforms now accounting for 60% of GDP per the World Economic Forum (WEF). While the way we use software has changed and is changing the world, the methods for ensuring the integrity of software sourced from across the ecosystem are lacking. The software supply chain often lacks digital signatures, and when signatures are used, they typically rely on traditional digital signing techniques, which can be challenging to automate and audit.