Google Launches SLSA, a New Framework for Supply Chain Integrity

Published: 23/11/2024   Category: security




The Supply chain Levels for Software Artifacts aims to ensure the integrity of components throughout the software supply chain.



Google this week introduced Supply chain Levels for Software Artifacts (SLSA), an end-to-end framework to ensure the integrity of software artifacts throughout the software supply chain.
SLSA, pronounced "salsa," is inspired by Google's internal Binary Authorization for Borg (BAB), a code review process that aims to reduce insider risk by ensuring production software deployed at Google is reviewed and authorized – especially if it can access user data. Google has used BAB for more than eight years, and it's mandatory for all production workloads.
The goal for SLSA is to help defend against supply chain integrity attacks that Google says have been increasing over the past two years. Following attacks such as those against SolarWinds and Codecov, Google points to the need for a framework to secure a complex supply chain.
In its current state, SLSA is a set of incrementally adoptable security guidelines being established by industry consensus, wrote Kim Lewandowski of Google's Open Source Security Team, and Mark Lodato of the Binary Authorization for Borg team, in a blog post.
Its final form will be different from a list of best practices, they noted. SLSA will support the automatic creation of auditable metadata, which can be fed into policy engines to give SLSA certification to a package or build platform.
SLSA is designed to be both incremental and actionable, Lewandowski and Lodato explained. It will consist of four levels, with level four indicating the ideal state. Lower levels represent incremental guarantees of security integrity. At level four, consumers have greater assurance that the code hasn't been tampered with and can be securely traced back to its source.
Read Google's full blog post for more information.
