Aqua Security Collaborates with CIS to Create the First Guide for Software Supply Chain Security
BOSTON, June 22, 2022 (GLOBE NEWSWIRE) -- Aqua Security, the leading pure-play cloud native security provider, and the Center for Internet Security (CIS), an independent, nonprofit organization with a mission to create confidence in the connected world, today released the industry’s first formal guidelines for software supply chain security. Developed through collaboration between the two organizations, the CIS Software Supply Chain Security Guide provides more than 100 foundational recommendations that can be applied across a variety of commonly used technologies and platforms. In addition, Aqua Security unveiled a new open source tool, Chain-Bench, which is the first and only tool for auditing the software supply chain to ensure compliance with the new CIS guidelines.
Establishing Best Practices for Software Supply Chain Security
Within the guide, recommendations span five categories of the software supply chain, including Source Code, Build Pipelines, Dependencies, Artifacts, and Deployment (link to blog with overview).
CIS intends to expand this guidance into more specific CIS Benchmarks to create consistent security recommendations across platforms. As with all CIS guidance, the guide will be published and reviewed globally. Feedback will help ensure that fture platform-specific guidance is accurate and relevant.
“By publishing the CIS Software Supply Chain Security Guide, CIS and Aqua Security hope to build a vibrant community interested in developing the platform-specific Benchmark guidance to come,” said Phil White, Benchmarks Development Team Manager for CIS. “Any subject matter experts that develop or work with the technologies and platforms that make up the software supply chain are encouraged to join the effort in building out additional benchmarks. Their expertise will be valuable to establishing critical best practices to advance software supply chain security for all.”
To date, the guide has been reviewed by experts at CIS, Aqua Security, Axonius, PayPal, CyberArk, Red Hat, and other leading technology firms.
Ofir Shapira, Cyber Security Product Manager, Axonius: “The work Aqua is doing around software supply chain security, not only as a company but for the wider community, is paving the way for more secure software releases.”
The Industry’s First Open Source Tool for Software Supply Chain Security
“Building software at scale requires strong governance of the software supply chain, and strong governance requires effective tools. This is where we saw an opportunity to add value,” said Eylam Milner, Director Argon Technology, Aqua Security. “We wanted to leverage our expertise in software supply chain security to help build critical guidance for one of industry’s most pressing challenges, as well as a free, accessible tool to help other organizations adhere to it. The work doesn’t stop here. We will continue working with CIS to refine this guidance, so that organizations worldwide can benefit from stronger security practices.”
About Center for Internet Security, Inc. (CIS®)
About Aqua Security
Aqua Security stops cloud native attacks. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP) securing the entire application lifecycle through prevention, detection and response. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries. For more information, visit www.aquasec.com.