"NSA, CISA, ODNI Release Software Supply Chain Guidance for Developers"
The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have released the guide "Securing the Software Supply Chain for Developers." The guidance was released through the Enduring Security Framework (ESF), a public-private cross-sector working group led by NSA and CISA that provides cybersecurity guidance addressing high-priority threats to the nation's critical infrastructure. The developer bears a significant amount of responsibility for the security of their software. From the events leading up to the SolarWinds attack, it became clear to ESF that investment was required in developing a set of best practices focused on the needs of the software developer. The guide was developed to help developers achieve security by applying industry- and government-evaluated recommendations, and it consolidates previously published resources for developers to use. As the cyber threat evolves, adversaries have begun to target the software supply chain instead of relying on publicly known vulnerabilities. Supply chain breaches enable malicious actors to move across networks undetected. To combat this threat, the cybersecurity community must pay attention to securing the software development lifecycle. This article continues to discuss the release and purpose of the "Securing the Software Supply Chain for Developers" guide.
NSA reports "NSA, CISA, ODNI Release Software Supply Chain Guidance for Developers"