Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Google launches new platform to help prevent Supply Chain attacks
SolarWinds and Codecov security incidents raise concerns about Supply Chain attacks. To ensure the integrity of software packages and prevent unauthorized modification, Google has come up with a solution called SLSA.
SLSA helps keep the entire software development and deployment process secure. As a result, it helps to reduce threats arising from unauthorized activities such as tampering with source code, tampering with software building platforms, etc.
In essence, SLSA is inspired by Google's internal process called Binary Authorization for Borg. This process includes a suite of tools to test and verify the origin of code and implement code identification to ensure that the software has been properly evaluated and authorized before deployment.
SLSA will be implemented to varying degrees. At higher levels, SLSA requires stronger security controls for the software building platform. Therefore, hackers will have a lot of difficulty in breaking in.
To implement SLSA, Google wishes to receive the cooperation of all agencies and businesses in the software industry. Google is also willing to share technical documents and standards necessary for partners to apply SLSA to their systems.
Google acknowledges that it is difficult to achieve the highest SLSA standards with most projects. However, adopting lower levels of SLSA would also increase security and pave the way for improved security of the open source ecosystem.
David PacYou should read it
- Korea's supply chain faces unprecedented chaos due to the Covid-19 pandemic
- New trend of global technology supply chain: 'Not Made in China'
- Google pledges $800 million to coronavirus relief, mostly in free ads
- Detects new Xcode malware targeting iOS developers
- Nikkei: Apple considers delaying the release of the iPhone 12 due to the corona virus effect
- How is the corona virus pandemic affecting the smartphone industry?
- Which country is STIHL chain saw? Is that good?
- 4 things to note before choosing to buy a PSU power supply for a PC
May be interested
- New phishing attacks appear to use Google Translate as a disguise
recently, a phishing campaign to steal google accounts and facebook login information has been discovered using google translate (google translate) as a disguised location on mobile browsers. - Which country is STIHL chain saw? Is that good?with its strong and convenient characteristics, stihl chain saws have gained a lot of sympathy from professional mechanic. which country is stihl chain saw? is that good?
- How to Break a Chainwhether you own a bike or simply work with chains a lot, there will probably come a time at some point where you'll need to break a chain in order to remove and repair it. if you're trying to break a bike chain, you may need to use pliers...
- 4 things to note before choosing to buy a PSU power supply for a PCamong the computer's components, the pc power supply (or psu - short for power supply unit) plays an extremely important role. if the psu operates stably and provides adequate power, the system will operate more smoothly and enduringly.
- 'Scoring' tool to prevent network attacks for freecyradar internet security check tool is a tool to support users to assess the ability to prevent computer network attacks currently issued by cyradar, fpt's security startup free of charge during the safety day event. vietnam information 2018 on november 30 in hanoi.
- Not a chip, this is the 'Achilles heel' in Huawei's smartphone businesshuawei's app ecosystem has the opportunity to survive under enormous pressure from google or not is only a matter of life and death.
- What are Protocol Attacks? How to Detect and Prevent Attacksprotocol attacks are a type of cyber attack that is carried out by exploiting weaknesses in communication protocols.
- The iPhone 12 is likely to arrive in October, the details are almost revealedthis is due to the effects of the covid-19 epidemic on the supply chain, causing the production of new iphones to be delayed.
- Review Astral Chain - The battlefield is full of explosionsunique and engaging themes, dramatic gameplay and excellent graphics, astral chain is a must-play for anyone.
- Apple still bets on China despite the unstable supply chain contextthe number of japanese, taiwanese and us suppliers plummeted as the iphone maker expanded its operations in southeast asia…
Attack the network
- NVIDIA Jetson chipset contains a series of security holes that allow data theft, DDoS attacks
- Most Android anti-virus software cannot detect malicious APK files
- Paradise ransomware source code shared on hacker forum
- SolarMarker malware puts users at risk
- Hackers can spy on Samsung users with pre-installed apps
- Detecting new culprits attacking Windows 10
NVIDIA Jetson chipset contains a series of security holes that allow data theft, DDoS attacks
Most Android anti-virus software cannot detect malicious APK files
Paradise ransomware source code shared on hacker forum
SolarMarker malware puts users at risk
Hackers can spy on Samsung users with pre-installed apps
Detecting new culprits attacking Windows 10