DevSecOps, A Shield Against Supply Chain Attacks

The recent SolarWinds supply chain attack has made software teams question the security of how software is developed, deployed, and used. The rapid shift to remote and hybrid work models has driven widespread cloud adoption across all sectors, so organizations must now consider the vulnerabilities and risks this exposes them to. In this article at InfoQ, Jonathan Hunt explains how DevSecOps helps secure your supply chain in a multi-cloud threatscape.

Importance of DevSecOps

According to studies,

  • The attacks on software supply chains increased by 430% in 2020.
  • Nearly 47% of companies found out about open-source supply chain vulnerabilities only after a week.
  • 11% of open-source application components have at least one known security vulnerability.

Security is something that no organization wants to compromise on, and DevSecOps helps enterprises protect themselves better. Companies must also practice good cyber hygiene and strengthen risk management with their third-party vendors. A strong DevSecOps practice creates a barrier against supply chain attacks and offers proactive approaches to avoiding potential threats.

Securing Supply Chain With DevSecOps

Think Beyond Software Applications

DevSecOps must think beyond the user interface and product features. It must focus on:

  • Developing a comprehensive security strategy—including information about the security tools to address all the activities involved in the software supply chain
  • Crafting a threat-defense model by getting a holistic view of suspicious user activities, policy violations, and organizational data-related risks

Focus on Sourcing

The DevSecOps teams must:

  • Check for compromised software build tools
  • Identify any pre-installed malware in components
  • Look for digital signatures

Follow the Best Practices

The DevSecOps team must follow the best practices of software coding and quality assurance. They must:

  • Continuously update infrastructure
  • Introduce secure API gateways
  • Run automated tests and dependency checks at every stage

To read the original article, click on
