Google and GitHub propose to reduce supply chain hacking

Howard Solomon – 04/11/2022

Three major IT companies have proposed a way to create tamper-proof versions of apps that reduces the risk of supply chain hacks, like the one against SolarWinds.

Several of the recent high-profile software hacks that alarmed open-source software users around the world were consequences of supply chain integrity vulnerabilities, Google said in a blog post Thursday.

For example, when the SolarWinds Orion security update process was compromised, the hackers took control of a server and used malicious source files to inject malicious artifacts into a compromised platform.

So Google and its partners built a prototype framework that generates unforgeable provenance for apps. Initially, it only works for apps built in the Go language. It uses GitHub workflows for isolation and Sigstore's digital signature tools for authenticity.

Read the full article on the IT World Canada website (in English), a sister publication of Informatic direction.

Adaptation and translation into French by Dominique Lemoine

About Howard Solomon

Howard Solomon is the editor of the portal.
