
Can Your Software Development Processes Withstand a Software Supply Chain Attack?


Security measures within every step of software development and supply chain must take top priority as attacks continue to be directed to the application layer.
Enterprise software development has graduated from the “waterfall” framework of development and operations — and has become less linear, more complex and, in several ways, more difficult to secure. While contemporary software supply chain practices allow developers to manage that complexity and deliver software efficiently at scale, unaddressed gaps and vulnerabilities within the process continue to be exploited by threat actors. That’s why security measures within every step of software development and the supply chain must take top priority as attacks continue to be directed at the application layer — and often succeed in penetrating the network and executing malicious instructions.

Most developers use open-source software package repositories, such as npm (Node Package Manager) or PyPI (Python Package Index), to build new applications, so this software supply chain acts as the vehicle that carries those third-party assets into the applications organizations run. If production code is infected with malware or vulnerabilities that were inadvertently sourced from a repository, it can contaminate every organization that comes in contact with it — whether by consuming that code in their own software development life cycle or by running presumably trusted applications from third parties who failed to validate their own dependencies.
