Software serves as the foundation of the digital technology we all depend on, yet it’s being exploited more than ever before. From Log4j to SolarWinds and countless other exploits like the PyPI phishing attack and typosquatting threats in GitHub, software supply chain threats are not going away.
Despite the increase in attacks, there are holistic approaches we can take in order to progress as an industry. One of the investments we can make is increasing the skill sets that build, address, and remediate software supply chain compromises.
Today, a lack of comprehensive security education has proven to be a barrier to wider adoption of software supply chain security recommendations. Developers don’t know what they don’t know, and mixed signals around the most effective and efficient steps to take can limit action, thus compromising the software supply chain for everyone.
Expecting organizations to bolt on security after software is already shipped doesn’t address the root of the problem, and will not offer a sustainable solution for organizations.
To make the software supply chain secure by default, it is crucial that we close this skills gap. Today, we are excited to announce Chainguard Academy, the first open source and interactive educational platform designed for software supply chain security. This growing and comprehensive education platform will deliver all the resources developers and technology leaders need to get up to speed with software security tooling and recommendations. The Chainguard team will continuously add more tutorials, courses, demos, and documentation on security fundamentals and frameworks, open source tools, and Chainguard solutions in service to stakeholders across the software ecosystem.
Additionally, Chainguard Academy offers an interactive terminal sandbox to get hands-on and experiment with tooling. Developers will be able to work with Sigstore and Wolfi-powered container images right from their browsers.
It is vital to meet the community where they are, and Chainguard Academy builds on course offerings such as the Securing Your Software Supply Chain with Sigstore course in partnership with the Linux Foundation, and social educational efforts such as a software security series on TikTok. Making learning fun, inclusive, and freely available is as important as the material itself. To that end, our repository is fully open source and Creative Commons licensed. We invite the community to participate in our efforts and to have full access to our work so we can secure the software supply chain for projects and organizations large and small.
The software supply chain will become more secure if we all do our part to make sustainable and incremental progress towards safer improvements. We look forward to partnering with organizations and projects across the ecosystem to champion wider adoption of software security recommendations with the goal of supporting engineers and CISOs who are working to address this problem today, and to lay a learning foundation for the next generation of developers and security professionals. Get started with Chainguard Academy today!