SLSA Security Survey


A Survey of Software Supply Chain Security Practices and Beliefs

Gain new insights into software supply chain security practices by reading our report published in partnership with Chainguard, the Rust Foundation and OpenSSF:

“At the Eclipse Foundation, we believe that foundations have an important role to play in addressing the challenges of securing open source and its supply chain.” Mikael Barbero, Eclipse Foundation Head of Security
“It is clear from this report that, while security is seen as a priority, there is still some way to go to ensure that it is pursued coherently and efficiently.” Rebecca Rumbul, Rust Foundation Executive Director & CEO
“We are definitely trending positively, but this report illuminates critical gaps and challenging areas that we can start addressing today to ensure a more secure software supply chain tomorrow.” Kim Lewandowski, Chainguard Co-Founder & Head of Product

Is everyone practicing software supply chain security, or are they just talking about it?

To date, answering this question has been difficult. To find some answers, this survey polled 167 software professionals from around the world, working at organizations of varying sizes and with varying degrees of commitment to software supply chain security.


To learn more about our supply chain security efforts, please review the Eclipse Foundation's Open Source Software Supply Chain Best Practices.