Wednesday, July 24, 2024

NSA, CISA, ODNI Release Software Supply Chain Guidance for Developers

A supply chain compromise allows malicious actors to move throughout networks seemingly undetected.

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) released Securing the Software Supply Chain for Developers today. The product comes through the Enduring Security Framework (ESF), a public-private cross-sector working group led by NSA and CISA that provides cybersecurity guidance addressing high-priority threats to the nation's critical infrastructure.

The developer holds a critical responsibility for the security of our software. As ESF examined the events that led up to the SolarWinds attack, it was clear that investment was needed in creating a set of best practices that focused on the needs of the software developer. Securing the Software Supply Chain for Developers was created to help developers achieve security through industry and government-evaluated recommendations. This guidance consolidates valuable resources already published for developers to put to use.

As the cyber threat continues to become more sophisticated, adversaries have begun to attack the software supply chain, rather than rely on publicly known vulnerabilities. This supply chain compromise allows malicious actors to move throughout networks seemingly undetected. In order to counter this threat, the cybersecurity community needs to focus on securing the software development lifecycle.

Developers will find helpful guidance from NSA and partners on developing secure code, verifying third-party components, hardening the build environment, and delivering the code. Until all DevOps are DevSecOps, the software development lifecycle will be at risk.

Security is not just for the developer, which is why ESF will also release editions of this guidance for the supplier and the customer of software. We all have to do our part to secure our networks.

If you have questions or want to learn more about ESF, please contact [email protected] or visit the ESF page.

Read more at NSA

Homeland Security Today