CISOs must include developers in discussions about securing development tools, he advises. Limiting permitted tools is often counterproductive, as developers will identify workarounds to get work done. Security must cooperate with developers to assist them in using the tools they need securely, and any endpoint protection product needs to be tuned to support the unique usage patterns of developers.
This isn’t just a supply-chain problem, said Will Baxter, field CISO at Team Cymru; it’s a new infrastructure layer merging cyber-crime tooling, blockchain resilience, and developer-tooling pivoting. Registry operators, threat researchers and blockchain-monitoring partners need to share intelligence and work together more closely to flag these hybrid attacks, he added.
More advice to CSOs
Janca says to lower the risk of supply chain attacks, security leaders and application security professionals should:
