Industry group tackles software supply chain attacks

 

Stop malicious code being inserted during development.

Not-for-profit organisation the Software Assurance Forum for Excellence in Code (SafeCode) today announced a new industry-led resource designed to help suppliers prevent software being deliberately compromised during sourcing, development or distribution.

The Software Supply Chain Integrity Framework (PDF) was jointly developed by SafeCode members, including SAP, EMC, Symantec, Microsoft, Nokia and Juniper Networks.

SafeCode said that the framework is designed to address so-called supply chain attacks, in which malicious code is intentionally inserted into software during its development or maintenance.

Secure code development is only one element of software assurance, however, and the software creation and delivery processes must also include integrity controls to enable vendors to deliver uncompromised products, according to SafeCode.

"While SafeCode members have individually implemented software integrity practices, this is the first time that the industry has come together to establish a common framework for ensuring the integrity of software through the global supply chain," said Paul Kurtz, executive director of SafeCode.

"This framework will serve as the foundation for subsequent work aimed at identifying and analysing software integrity best practices, and represents a critical step forward in the industry's efforts to advance software assurance."

Copyright ©v3.co.uk


Industry group tackles software supply chain attacks
 
 
 
Top Stories
 
Myer CIO named retailer's new chief executive
Richard Umbers to lead data-driven retail strategy.
 
Empty terminals and mountains of data
Qantas CIO Luc Hennekens says no-one is safe from digital disruption.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  35%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 4149

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 1414

Vote