"New, Free Tool Adds Layer of Security for the Software Supply Chain"
Researchers at the NYU Tandon School of Engineering developed an open-source tool called "in-toto" to bolster software supply chain security against cyberattacks. In-toto is a free and easy-to-use framework that cryptographically ensures the integrity of all steps in designing and developing a piece of software. The tool has been adopted by and integrated into major open-source software projects, including those hosted by the Cloud Native Computing Foundation, a Linux Foundation project. To apply in-toto, a company must establish a set of rules or protocols associated with each step conducted in software development. When each step is performed, in-toto gathers link metadata confirming that the step was followed according to the established set of rules or protocols. This article continues to discuss the goal, development, operation, and adoption of in-toto.
NYU reports "New, Free Tool Adds Layer of Security for the Software Supply Chain"