Secure Software Supply Chain in the Financial Sector
Introduction

The financial sector is a prime target for cyberattacks, and software supply chain security became a critical concern following incidents like SolarWinds. Ensuring the integrity and provenance of the software we use and deliver is fundamental. My experience at major financial institutions like Serasa Experian and Banco Bradesco provided insights into how DevSecOps practices, specifically Software Bill of Materials (SBOM) Generation and Artifact Signing, are crucial for building a more resilient software supply chain. ...