As of yet, there is no standardization for security software supply chains. And to make matters even worse, most cryptographic signature tools don’t get used, because they’re either too cumbersome to work with or too confusing.
Read full article on The New Stack