Agencies will require software vendors to self-certify that they’re following secure development practices under new White House guidance, but it leaves the door open for departments to mandate third-party security assessments as well.
The new guidance from the Office of Management and Budget, “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices,” stems from last year’s cybersecurity executive order…
The OMB memo requires agencies to ensure their software is developed in line with two documents published earlier this year by the National Institute of Standards and Technology: a “Secure Software Development Framework” (SSDF), as well as “Software Supply Chain Security Guidance.” …




