The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) released Securing the Software Supply Chain for Developers on September 1st. The product is through the Enduring Security Framework (ESF) — a public-private cross-sector working group led by NSA and CISA that provides cybersecurity guidance addressing high-priority threats to the nation’s critical infrastructure.
The developer holds a critical responsibility to the security of our software. As ESF examined the events that led up the SolarWinds attack, it was clear that investment was needed in creating a set of best practices that focused on the needs of the software developer. Securing the Software Supply Chain for Developers was created to help developers achieve security through industry and government-evaluated recommendations. This guidance consolidates valuable resources already published for developers to put to use.