DevOps Articles

Curated articles, resources, tips and trends from the DevOps World.

Digital Certs Key to Securing Open Source Supply Chain, Though Few Devs Use

4 years ago thenewstack.io
Digital Certs Key to Securing Open Source Supply Chain, Though Few Devs Use

Summary: This is a summary of an article originally published by The New Stack. Read the full original article here →

Half of all open source contributors are never encouraged to use digital signatures when making changes to the open source projects they’re involved with according to the “2020 FOSS Contributor Survey.” In contrast, 17% are typically required to use a digital signature on all commits.

Especially in light of the recent SolarWinds attack, requiring digital certificates is a strong way to track open source code’s chain of custody throughout the software supply chain.

Creating a code of conduct and contributing guide are important too but so are policies that promote security. However, only 26% of the maintainers or core participants said the projects they are involved with have a security policy in place.

Read More
Oh Dear
Oh Dear
The all-in-one monitoring tool for your entire website
Fathom
Fathom
Fathom Analytics: A Better Google Analytics Alternative
Namecheap
Namecheap
DevOpsChat Logo Your DevOps Community
Product
Useful Links

Made with pure grit © 2024 Jetpack Labs Inc. All rights reserved. www.jetpacklabs.com