Secure Software Supply Chains, Urges Former Go Lead Russ Cox

Writing in Communications of the ACM, former Go tech lead Russ Cox warns we need to keep improving defenses of software supply chains, highlighting “promising approaches that should be more widely used” and “areas where more work is needed.”
There are important steps we can take today, such as adopting software signatures in some form, making sure to scan for known vulnerabilities regularly, and being ready to update and redeploy software when critical new vulnerabilities…