Supply Chain Council of European Union | Scceu.org
News

NSA, ODNI, CISA Offer Supply Chain Security Guidance for Software Developers

The National Security Agency, the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency have issued guidance outlining best practices that developers can adopt to secure the software supply chain.

The guidance document titled Securing the Software Supply Chain for Developers recommends ways on how developers can develop secure code, harden the build environment, verify third-party components and deliver the code, NSA said Thursday.

For the secure code development aspect, the document recommends several measures to mitigate the risks of intentional or unintentional use of malicious code in a project. 

Recommended practices include implementing a well-balanced authenticated source code check-in process, performing nightly builds with security and regression tests and mapping features to requirements.

The Enduring Security Framework, a public-private working group led by CISA and NSA, developed the document and intends to introduce versions of the guidance for supplier and customer software.

Related posts

Owners blame supply chain problems for broken elevator at senior center

scceu

US-based advocacy group says China has strategically captured entire US supply chain | Indiablooms

scceu

Hyfé Foods Turns Wasted Sugar Water into Flour Amidst a Supply Chain Crunch

scceu