What is the proposed Cheat Sheet about?
The CS will provide an overview of software supply chain security (SSCS), its relevance to developers, and practical guidance on improving the security of software supply chains (SSCs).
What security issues are commonly encountered related to this area?
Known vulnerable components used to build software
Using compromised or insecure third-party services or tools to develop, build, deliver, or otherwise manage software (which may not necessarily be "built" into the software as in the above)
Compromise of build scripts or build processes
Compromise of code repositories or packages
Compromise of deployment processes or runtime environment (such as pulling a malicious update)
What is the objective of the Cheat Sheet?
The main objectives of the cheat sheet are: (1) provide an understanding of the various components which comprise the SSC, (2) identify common threats to the SSC, and (3) provide practical guidance on how developers can mitigate SSC risk.
What other resources exist in this area?