Secure Software Development Framework (SSDF)

Why the US government will require software vendors to certify the security of their products

A new White House memo on software supply chain security goes some way to addressing tech industry concerns about the use of third-party cybersecurity assessors.

NSA, CISA release compendium of security practices for software developers

The agencies have worked with industry to develop a set of recommendations that includes more in-depth source code reviews.

DHS board: No one used software inventories to find vulnerable Log4j deployments

Many in government and industry want software bills of materials to be the development compliance standard.

DHS seeks automated SBOM tools for enhanced supply chain visibility

Contractors have called for the software bill of materials to become a universal standard for secure development compliance.

FAR updates that would mandate cyber incident reporting for contractors a year or more away

OMB has submitted two proposals for updating contract language to the FAR Council.

OMB guidance presents chance to standardize software bill of materials

Practical deadlines for vendors and a concrete process for using the information SBOMs contain at agencies are needed, security experts say.
