Security Practices

Specific security practices and processes.

Supply-chain security

Supply-chain security is about the dependencies, build paths, and external services used to generate and distribute software and public assets.

Current focus areas

  • Understanding which dependencies are included in the build and why

  • Keeping development and deployment steps visible and reviewable

  • Reducing unnecessary trust assumptions where possible

  • Treating the generation and distribution path as part of the security surface