AppSec developers at Citi have pledged to open source a platform they have developed to protect software supply chains by automating continuous security checks on the software and libraries requested by developers. The proliferation of open source software has provided another way for malicious or simply malformed software components to find their way into corporate software stacks and beyond.
James Holland (https://www.linkedin.com/in/jamesholland/?originalSubdomain=uk), director of application security at Citi (https://www.citi.com/), told the Kubernetes Community Days UK conference (https://openuk.uk/event-calendar/kubernetes-community-days-uk/) in London that the bank manages three million external packages.
He asked, “Can we have a secure supply chain if we do not understand the maturity of our libraries?”
He said it was essential that supply chain security efforts were easy for developers to use within their existing workflows.