{"id":49661,"date":"2022-12-09T13:00:00","date_gmt":"2022-12-09T13:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/application-security\/google-use-slsa-framework-for-better-software-security"},"modified":"2022-12-09T13:00:00","modified_gmt":"2022-12-09T13:00:00","slug":"google-use-slsa-framework-for-better-software-security","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/","title":{"rendered":"Google: Use SLSA Framework for Better Software Security"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb1f0637f40232742\/639267e2e856e932b8e8732c\/supplychain_IncrediVFX_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Organizations should implement the Supply Chain Levels for Software Artifacts (SLSA) framework when building software to ensure better software security and integrity, advocates Google \u2014 after the tech giant did a deep-dive into best practices for securing the software supply chain.&nbsp;<\/p>\n<p>In a report out on Dec. 9, Google laid out several&nbsp;recommendations for bolstering supply chain security, including the need for organizations to take on more direct responsibility for open source software, and taking a more holistic approach to addressing risks such as those presented by the Log4J vulnerability and the SolarWinds breach.<\/p>\n<p>Google&#8217;s report on software security is the first in a new &#8220;<a href=\"https:\/\/services.google.com\/fh\/files\/blogs\/perspectives_on_security_volume_one_digital.pdf\" target=\"_blank\" rel=\"noopener\">Perspectives on Security<\/a>&#8221; research series that examines emerging security trends and how to address them. The report&#8217;s release comes on the second anniversary of the SolarWinds breach disclosure, and its recommendations are based on Google&#8217;s analysis of that incident as well as numerous other software supply chain breaches since then. Those include incidents&nbsp;at&nbsp;<a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/attackers-compromised-code-checking-vendors-tool-for-two-months\/d\/d-id\/1340765\" target=\"_blank\" rel=\"noopener\">Codecov<\/a>, <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/3-security-lessons-learned-from-the-kaseya-ransomware-attack\" target=\"_blank\" rel=\"noopener\">Kaseya<\/a> and those involving public code repositories such as <a href=\"https:\/\/www.darkreading.com\/application-security\/10-malicious-packages-slither-pypi-registry\" target=\"_blank\" rel=\"noopener\">PyPI<\/a>. <\/p>\n<p>The breaches have made software supply chain security a <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/the-next-generation-of-supply-chain-attacks-is-here-to-stay\" target=\"_blank\" rel=\"noopener\">top item on the enterprise IT agenda<\/a>. A recent report from Mandiant identified supply chain compromises as <a href=\"https:\/\/www.mandiant.com\/m-trends\" target=\"_blank\" rel=\"noopener\">contributing to 17% of all intrusions<\/a> in 2021, up from less than 1% just a year earlier. Supply chain issues were, in fact, the second most frequent initial intrusion vector after software vulnerability exploits in 2021.<\/p>\n<h2 class=\"regular-text\">Two Main Takeaways for Security Decision-Makers<\/h2>\n<p>&#8220;There are two main key takeaways from this report that enterprise IT and security decision makers should consider that will help them securely build and verify the integrity of software,&#8221; says Royal Hansen, vice president of engineering at Google.&nbsp;<\/p>\n<p>The first, as mentioned,&nbsp;is that security leaders need to focus on adopting a more holistic approach to strengthen defenses against software supply chain attacks:&nbsp;&#8220;Organizations should also implement the <a href=\"https:\/\/slsa.dev\/\" target=\"_blank\" rel=\"noopener\">SupplyChain Levels for Software Artifacts (SLSA) framework<\/a> to ensure the security community mitigate threats across the entire software supply chain ecosystem,&#8221; he says.<\/p>\n<p>SLSA (pronounced &#8220;salsa&#8221;) provides software developers a cadre of controls and practices to ensure software security and integrity during the entire software development life cycle through production. One of its key goals is to give organizations a way to prevent and detect tampering of the sort that happened at SolarWinds, where an adversary inserted malicious code into<span> \u2014 <\/span>and distributed it via \u2014 a signed software update.<\/p>\n<p>SLSA is a prescriptive checklist, meaning it spells out the steps that organizations need to take. That includes, for instance, verifying the provenance of all open source and third-party components in their software, and for ensuring there&#8217;s been no tampering with the software.&nbsp;<\/p>\n<p>Among other things, it also requires that organizations retain source code indefinitely and have the ability to verify the integrity of their software with tamper-proof provenance information.<\/p>\n<p>Google perceives the SLSA framework as allowing organizations to optimize the benefits of things like a <a href=\"https:\/\/www.darkreading.com\/dr-tech\/waiting-for-sbom-take-a-look-at-asm\" target=\"_blank\" rel=\"noopener\">software bill of materials (SBOMs)<\/a>, i.e.,&nbsp;a list of all the components in a particular piece of software. <\/p>\n<h2 class=\"regular-text\">Assuming More Responsibility<\/h2>\n<p>One of the other keys to bolstering supply chain security at an industry level is for organizations to secure their own open source and proprietary software supply chains, Google said.<\/p>\n<p>This means ensuring that all software they build or acquire from other sources implements baseline security standards and controls. As an example, Google pointed to the Minimum Viable Secure Product (MVSP) requirements for enterprise-ready software that it developed in collaboration with several other companies, including Okta, Salesforce, Slack, and Venafi.<\/p>\n<p>MVSP is a <a href=\"https:\/\/mvsp.dev\/\" target=\"_blank\" rel=\"noopener\">checklist of baseline security controls<\/a> that a software developer must implement, at a minimum, to ensure a reasonably secure product. The checklist includes things such as whether the software vendor or publisher publishes vulnerability reports, conducts self-assessments and external testing, and implements practices such as SSO, HTTPS, and security headers.<\/p>\n<p>Software purchasers can use the baseline to assess whether a product meets those requirements, while larger companies can incorporate MVSP as their standard questionnaire when triaging the security posture of their third-party software suppliers, Google said. Procurement teams can include them in requests for proposal (RFP) documents and use it as security baseline for vendor selection, Google said.<\/p>\n<p>Hansen says security leaders and practitioners can also take other measures to bolster software supply chain security. &#8220;Findings from the report suggest a need for a more thorough understanding of software supply chain networks, identification of potential risks and implementation of risk-mitigation plans, and the establishment of security requirements for software procurement,&#8221; he notes.<\/p>\n<p>Security organizations can play a role as well by, for example, funding the Open Source Security Foundation (OSSF) and the open source software project maintainers who find and fix security vulnerability in open source code, Hansen says. <\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/application-security\/google-use-slsa-framework-for-better-software-security\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security leaders also need to take a more holistic approach to addressing supply chain risks, company says in new research report.Read More <a href=\"https:\/\/www.darkreading.com\/application-security\/google-use-slsa-framework-for-better-software-security\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-49661","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Google: Use SLSA Framework for Better Software Security 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Google: Use SLSA Framework for Better Software Security 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-09T13:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb1f0637f40232742\/639267e2e856e932b8e8732c\/supplychain_IncrediVFX_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Google: Use SLSA Framework for Better Software Security\",\"datePublished\":\"2022-12-09T13:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/\"},\"wordCount\":804,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltb1f0637f40232742\\\/639267e2e856e932b8e8732c\\\/supplychain_IncrediVFX_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/\",\"name\":\"Google: Use SLSA Framework for Better Software Security 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltb1f0637f40232742\\\/639267e2e856e932b8e8732c\\\/supplychain_IncrediVFX_shutterstock.jpg\",\"datePublished\":\"2022-12-09T13:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltb1f0637f40232742\\\/639267e2e856e932b8e8732c\\\/supplychain_IncrediVFX_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/bltb1f0637f40232742\\\/639267e2e856e932b8e8732c\\\/supplychain_IncrediVFX_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/google-use-slsa-framework-for-better-software-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Google: Use SLSA Framework for Better Software Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Google: Use SLSA Framework for Better Software Security 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/","og_locale":"en_US","og_type":"article","og_title":"Google: Use SLSA Framework for Better Software Security 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-12-09T13:00:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb1f0637f40232742\/639267e2e856e932b8e8732c\/supplychain_IncrediVFX_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Google: Use SLSA Framework for Better Software Security","datePublished":"2022-12-09T13:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/"},"wordCount":804,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb1f0637f40232742\/639267e2e856e932b8e8732c\/supplychain_IncrediVFX_shutterstock.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/","url":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/","name":"Google: Use SLSA Framework for Better Software Security 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb1f0637f40232742\/639267e2e856e932b8e8732c\/supplychain_IncrediVFX_shutterstock.jpg","datePublished":"2022-12-09T13:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb1f0637f40232742\/639267e2e856e932b8e8732c\/supplychain_IncrediVFX_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb1f0637f40232742\/639267e2e856e932b8e8732c\/supplychain_IncrediVFX_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/google-use-slsa-framework-for-better-software-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Google: Use SLSA Framework for Better Software Security"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=49661"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/49661\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=49661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=49661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=49661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}