As tech world weighs options for software supply chain security, a call for urgency
In-toto is a concerted effort to get at the root of supply chain security to create a better understanding of the origin for any piece of software. Associate Professor Justin Cappos believes that in-toto would have greatly minimized the damage ultimately caused by the SolarWinds supply chain breach. “We would have made it much harder for the [SolarWinds] attackers and most likely would have stopped the attack,” said Cappos in a 2021 interview, “in-toto definitely can protect against this. It’s very possible to catch it.”