Three Ways To Supercharge Your Software Supply Chain Security
Description

Section four of the "Executive Order on Improving the Nation's Cybersecurity" introduced a lot of people in tech to the concept of a "Software Supply Chain" and securing it. If you make software and ever hope to sell it to one or more federal agencies, you have to pay attention to this. Even if you never plan to sell to a government, understanding your Software Supply Chain and learning how to secure it will pay dividends in a stronger security footing and the benefits it provides. This article will look at three ways to supercharge your Software Supply Chain Security.

What is your Software Supply Chain?

It's essentially everything that goes into building a piece of software: from the IDE in which the developer writes code, to the third-party dependencies, to the build systems and scripts, to the hardware and operating system on which it runs. Instabilities and vulnerabilities can be introduced, maliciously or not, from inception to deployment and even beyond.

1: Keep Your Secrets Secret

Some of the bigger cybersecurity incidents of 2023 occurred because bad actors found secrets in plain text. Secrets, in this context, are things like username and password combos, API keys, signing keys, and more. These keys to corporate kingdoms were found lying around where they shouldn't be. Sourcegraph got pwned when they published code to a public instance containing a hardcoded access token. The token was used to create other accounts and give people free access to the Sourcegraph…
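The hardcoded-token failure described above is the kind of thing a pre-commit secret scan is meant to catch before code ever reaches a public repository. The following scanner is an added example written for this page, not code from the article or from Sourcegraph: the token patterns are a deliberately small, simplified set (real scanners carry hundreds), the entropy floor of 3.0 bits per character is an assumed tuning value, and the sample source file is constructed here. The `AKIAIOSFODNN7EXAMPLE` value is the example access key ID that AWS uses in its own documentation, not a live credential.

```python
import math
import re
from collections import Counter
from typing import List, Tuple

# Simplified token shapes (assumptions for this example; production scanners
# maintain far larger catalogues). The generic rule is listed last so that a
# value already reported by a specific rule is not reported twice.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # keyword = "value" assignments; the quoted value is captured in group 1
    "generic_assignment": re.compile(
        r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}

# Assumed tuning value: quoted values below this many bits/char are treated as
# placeholders ("changeme") rather than real secrets, to cut noise.
ENTROPY_FLOOR = 3.0


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_line(line: str) -> List[Tuple[str, str]]:
    """Return (rule_name, matched_value) pairs for one line of source."""
    findings = []
    seen = set()
    for name, pat in PATTERNS.items():
        for m in pat.finditer(line):
            value = m.group(1) if m.groups() else m.group(0)
            if value in seen:
                continue  # already reported by a more specific rule
            if name == "generic_assignment" and shannon_entropy(value) < ENTROPY_FLOOR:
                continue  # low-entropy placeholder, not a credential
            seen.add(value)
            findings.append((name, value))
    return findings


def scan_source(text: str) -> List[Tuple[int, str, str]]:
    """Scan a whole file body; returns (line_number, rule_name, value) tuples."""
    results = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, value in scan_line(line):
            results.append((lineno, name, value))
    return results


# Constructed sample: a config module that was about to be committed.
SAMPLE = """\
# constructed sample: a config module accidentally committed
DB_HOST = "db.internal.example"
API_KEY = "changeme"  # placeholder; low entropy, not reported
aws_access_key_id = AKIAIOSFODNN7EXAMPLE  # AWS documentation example key
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"  # constructed
password = "s3cr3t-Pa55w0rd!"
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    # In a pre-commit hook, a non-empty result would block the commit.
    for lineno, name, value in scan_source(SAMPLE):
        print(f"line {lineno}: {name}: {value[:8]}...")
```

Wired into a pre-commit hook or a CI step, a non-empty result from `scan_source` should fail the job; the entropy floor keeps obvious placeholders out of the report, while specific rules such as the AWS and GitHub prefixes fire regardless of entropy because their shape alone is conclusive.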

