"NSA and ESF Partners Release Recommended Practices for Managing Open Source Software and Software Bill of Materials"

The National Security Agency (NSA), the Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have released a Cybersecurity Technical Report (CTR) titled "Securing the Software Supply Chain: Recommended Practices for Managing Open Source Software and Software Bill of Materials." The CTR expands on the "Enhancing the Security of the Software Supply Chain through Secure Software Development Practices" paper. Guidance in this new CTR supports single developer and large industry company activities to maintain software supply chain security practices. This article continues to discuss the new CTR that recommends practices for managing open source software and Software Bill of Materials (SBOM).

NSA reports "NSA and ESF Partners Release Recommended Practices for Managing Open Source Software and Software Bill of Materials"

Submitted by grigby1