Secure Software Development Framework (SSDF)
Why the US government will require software vendors to certify the security of their products
A new White House memo on software supply chain security goes some way to addressing tech industry concerns about the use of third-party cybersecurity assessors.
NSA, CISA release compendium of security practices for software developers
The agencies have worked with industry to develop a set of recommendations that includes more in-depth source code reviews.
DHS board: No one used software inventories to find vulnerable Log4j deployments
Many in government and industry want software bills of materials to be the development compliance standard.
DHS seeks automated SBOM tools for enhanced supply chain visibility
Contractors have called for the software bill of materials to become a universal standard for secure development compliance.
FAR updates that would mandate cyber incident reporting for contractors a year or more away
OMB has submitted two proposals for updating contract language to the FAR Council.
OMB guidance presents chance to standardize software bill of materials
Practical deadlines for vendors and a concrete process for using the information SBOMs contain at agencies are needed, security experts say.