Dip into SLSA with OpenSSF

By Chad Cox

Production Editor

Embedded Computing Design

May 02, 2023


San Francisco, California. The Open Source Security Foundation (OpenSSF) has ratified and published version 1.0 of Supply-chain Levels for Software Artifacts (SLSA). The OpenSSF SLSA solution delivers specifications for software supply chain security. The specifications were designed using the expertise of community members.

The platform uses ascending levels, with each level increasing security over the one before it. The levels are designed to establish that software is authentic by tracing it back to its source.

"The OpenSSF is working hard to put more rigor into the software development process," said Brian Behlendorf, General Manager of the OpenSSF. "The stable release of SLSA v1.0 is an important milestone in improving software supply chain security and providing organizations with the tools they need to protect their software."

SLSA Delivers

  • Common terminology about software supply chain security
  • Testing of upstream dependencies (source code, builds, and container images)
  • An actionable checklist for improving the security of users' software
  • Simplified compliance with forthcoming Executive Order standards in the Secure Software Development Framework (SSDF)

For more information, visit openssf.org.

To utilize SLSA, visit slsa.dev/.

Chad Cox, Production Editor, Embedded Computing Design, has responsibilities that include handling the news cycle, newsletters, social media, and advertising. Chad graduated from the University of Cincinnati with a B.A. in Cultural and Analytical Literature.
