This is part two of a two-part blog series on third-party code usage in software development. Go to part one here: Secure your software supply chain  – trusting third parties. In part one we looked at the general pros and cons of third-party software use and the necessity of determining trust towards the vendors/publishers. We […]

In an earlier blog post we looked at how to avoid becoming a vector for a software supply chain attack. In this two-part article we will mainly look at how you as a consumer of third-party and/or open source software can identify vendors to trust and mitigate the different relevant threats. Let’s take a pragmatic […]

Securing build servers and the development process as a whole is crucial to avoid becoming part of a software supply-chain attack. SUNBURST is a malware that was spread by breaching the build server for SolarWinds’ Orion product. Using threat modeling it is possible to identify mitigations to reduce the risk and improve the security of the development life-cycle.