
Google SLSA, Linux Foundation Drops SBOM for Supply Chain Security Boost


Google and the Linux Foundation have separately released new tools aimed at improving software supply chain security, with a particular focus on open source software, as federal agencies work on related standards and guidelines.

Google launched Supply-chain Levels for Software Artifacts, or SLSA (pronounced "salsa"), a framework of graduated levels of controls intended to improve the integrity of software artifacts throughout the software supply chain, from source through build to deployment. The company also included SLSA in its proposed recommendations to the National Institute of Standards and Technology (NIST), which had called on organizations to submit approaches for strengthening supply chain security.

Separately, the Linux Foundation rolled out software bill of materials (SBOM) tools and training as it promotes its open source Software Package Data Exchange (SPDX) project as the de facto open standard for communicating SBOM information, including the open source software components in a product, their licenses, and references to known security vulnerabilities.
