Secure Supply Chain and vulnerability reports at AdaCore
In the past few years, attacks compromising software supply chains (MITRE ATT&CK T1195) have become more prominent, with cases such as NotPetya, the Target data breach, SolarWinds, … The impact of the SolarWinds attack in 2020 in the United States led to Executive Order 14028, which strongly focuses on improving the security and integrity of software supply chains. Since then, various initiatives have been started, either by governments or by organizations, such as the SSDF (“Secure Software Development Framework”) by NIST or the SLSA framework (“Supply Chain Levels for Software Artifacts”) by OpenSSF (2021).