By Matthew Lyon, Dell Technologies; Elena Kravchenko, Imperva; Altaz Valani, Security Compass

Introduction

In our first blog post on the topic of Code Integrity, we outlined the value of code integrity. We also described the code integrity threat landscape that necessitates safeguards. Organizations must overcome many obstacles to assure code integrity.

Software development continues to evolve. New paradigms such as microservices, cloud, and infrastructure-as-code are driving rapid advancements in automated continual test and deployment of code. Organizations must therefore develop a code integrity strategy that is lean and agile. 

Organizations must enforce code integrity for code they develop and also demand the same level of code integrity for components sourced from their supply chain. Open source software presents unique challenges in this context. Use of open source software means that the consumer is reliant on the security practices of the project contributors.The software is free, but the consumer may still be responsible for security assurance.

Establishing a set of principles to guide an organization’s code integrity practices creates a foundation to address the challenge. Auditing, detection, and accountability should be cornerstones of the code integrity strategy. A lack of detection methods presents impediments to these objectives. Implementation of a defense-in-depth approach consisting of layered controls can help to address this deficiency.

Principles

  1. You shall implement a defense-in-depth strategy to rapidly identify, isolate, and mitigate internal and external code integrity threats. 
  2. You shall ensure that all systems that store and transmit code are protected by appropriate security controls.
  3. You shall manage all source code in a secure version control system.
  4. You shall manage all binary code in a secure artifact repository.
  5. You shall establish and maintain an inventory of all code components.
  6. You shall secure your software delivery tool chain.
  7. You shall only deploy or disseminate approved and secure code.
  8. You shall ensure production artifacts are securely delivered.
  9. You shall ensure that all development and delivery services and capabilities are managed securely.
  10. You shall assure that all participants in your upstream supply chain adhere to these principles.

Conclusion

The principles outlined above are aimed at helping a development organization achieve assurance of code integrity. To adhere to these principles, organizations will need to perform certain activities and implement a variety of security controls. They will also need to be prepared to provide evidence of having done so. Performing these control activities also implies that a chain of custody is maintained for code throughout its lifecycle.

Higher levels of assurance reflects an enhanced trust level. This trust is based on increasing levels of maturity in control implementation. For example, a CI/CD system is used to schedule and control activities. It is augmented with continuous monitoring. 

Consider the example of access control. Initially we may see limited per-team access restriction (i.e., vertical boundaries). As the control implementation matures, finer granularity can be introduced based on the role of a given user in the team (i.e., horizontal boundaries).

There are many useful references that can inform a strategy for code integrity assurance. SAFECode believes that the NIST Secure Software Development Framework (SSDF) drives effectiveness and consistency in this space. Organizations can create processes that adhere to the principles in the SSDF. In our next blog post, we will examine the relationship between our principles and the requirements set forth in the SSDF.