Google’s latest framework aims to prevent SolarWinds-like supply chain attacks

Google has unveiled a new framework called Supply chain Levels for Software Artifacts, or SLSA (pronounced "salsa").

The intention of SLSA is to help prevent the growing number of devastating supply chain attacks in recent years—such as the SolarWinds and CodeCov hacks.

Google describes SLSA as "an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain."

The company says that SLSA is inspired by its own...

18 June 2021 | Frameworks

Codecov breach prompts fears of another SolarWinds-style hack

A hack impacting software testing firm Codecov is expected to have resulted in hundreds of networks being compromised, prompting fears of a fallout similar to the recent SolarWinds attack.

Codecov has over 29,000 customers including companies such as IBM, Proctor & Gamble, Hewlett Packard Enterprise, Atlassian, Washington Post, and GoDaddy. The potential scale of the attack has led to a federal investigation.

"We are aware of the claims and we are investigating...

21 April 2021 | Development Tools