How we’ll solve software supply chain security

Who owns software supply chain security? Developers? Or the platform and security engineering teams supporting them?In the past, the CIO, CISO, or CTO and their security team would decide which Linux distribution, operating system, and infrastructure platform the company would be getting its support contracts and security SLAs from. Today, developers do this all in Docker Files and GitHub Actions, and there isn’t the same kind of organizational oversight that existed before things shifted left to developers. [ Also on InfoWorld: Software developers have a supply chain security problem ] Today, compliance and security teams define the policies and higher level requirements, while developers get the flexibility of choosing whatever tooling they want, provided it meets those requirements. It’s a separation of concerns that greatly accelerates developer productivity.To read this article in full, please click here

Nov 30, -0001 - 00:00
 0
How we’ll solve software supply chain security
Techatty All-in-1 Publishing
Techatty All-in-1 Publishing

Who owns software supply chain security? Developers? Or the platform and security engineering teams supporting them?

In the past, the CIO, CISO, or CTO and their security team would decide which Linux distribution, operating system, and infrastructure platform the company would be getting its support contracts and security SLAs from. Today, developers do this all in Docker Files and GitHub Actions, and there isn’t the same kind of organizational oversight that existed before things shifted left to developers.

Today, compliance and security teams define the policies and higher level requirements, while developers get the flexibility of choosing whatever tooling they want, provided it meets those requirements. It’s a separation of concerns that greatly accelerates developer productivity.

To read this article in full, please click here

Talk to Techatty
Talk to Techatty
Techatty Connecting the world of tech differently! Read. Write. Learn. Thrive. Make an informed decision without distractions. We are building tech media and publication networks to connect YOU and everyone to reliable information, opportunities, and resources to achieve greater success.