Source: thenewstack.io
Digital Certs Key to Securing Open Source Supply Chain, Though Few Devs UseCategory: Software
Half of all open source contributors are never encouraged to use digital signatures when making changes to the open source projects they’re involved with according to the “2020 FOSS Contributor Survey.” In contrast, 17% are typically required to use a digital signature on all commits.
Especially in light of the recent SolarWinds attack, requiring digital certificates is a strong way to track open source code’s chain of custody throughout the software supply chain.
Creating a code of conduct and contributing guide are important too but so are policies that promote security. However, only 26% of the maintainers or core participants said the projects they are involved with have a security policy in place.
Especially in light of the recent SolarWinds attack, requiring digital certificates is a strong way to track open source code’s chain of custody throughout the software supply chain.
Creating a code of conduct and contributing guide are important too but so are policies that promote security. However, only 26% of the maintainers or core participants said the projects they are involved with have a security policy in place.
Related Articles
Community Partners
DevOps Careers