Google Announces GUAC Open-Source Project on Software Supply Chains - Slashdot
Google unveiled a new open source security project on Thursday centered around software supply chain management. The Record reports: Given the acronym GUAC – which stands for Graph for Understanding Artifact Composition – the project is focused on creating sets of data about a software’s build, s…
Google’s GUAC Aims to Democratize Software Supply Chain Security Metadata
Software makers and customers will be able to query graph database for information about the security and provenance of components in applications and codebases.
Tackling Supply-Chain Security in Regulated Industries
With the importance and impact that software supply-chain threats can have, what can regulated industries and organizations do to protect themselves?