In partnership with Chainguard, the Rust Foundation, and the Open Source Security Foundation, we’re proud to release SLSA++: A Survey of Software Supply Chain Security Practices and Beliefs.
The survey, conducted in the summer and fall of 2022, includes data from nearly 170 respondents at organizations of all sizes, working in both security-focused and non-security roles.
The questions were primarily derived from the security requirements of version 0.1 of the Supply-chain Levels for Software Artifacts (SLSA) framework for supply chain integrity.
All respondents answered a series of questions for ten different software supply chain security practices. Three key findings stand out:
- Some software supply chain security practices are already widely adopted.
- Most practices are considered helpful, though there is surprisingly little variation in the perceived level of helpfulness.
- Some SLSA practices are considered substantially more difficult than others.
Review the Eclipse Foundation's Open Source Software Supply Chain Best Practices to learn more about our supply chain security efforts, and download the report for a complete look at the survey’s findings.