A new publication called The Defending Against Software Supply Chain Attacks has been issued by CISA and the National Institute of Standards and Technology (NIST). It provides an overview of software supply chain issues and makes recommendations about how software customers and vendors can identify, assess, and mitigate software supply chain risks. The publication also provides practical guidance associated with the use of the NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework and the Secure Software Development Framework (SSDF).
The publication can be found here: https://www.cisa.gov/publication/software-supply-chain-attacks
/Passle/5db069e28cb62309f866c3ee/MediaLibrary/Images/5dcaad168cb6230d740f6dc1/2023-06-26-15-46-15-758-6499b2c7436bdee0ca01af9f.jpg)
/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2024-04-20-02-31-03-420-662328e76f4c71deb047b31b.jpg)
/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2024-04-22-17-29-47-425-66269e8bd100dba38ac09968.jpg)
/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2024-04-22-14-25-24-832-66267354d100dba38ac021b3.jpg)
/Passle/5db069e28cb62309f866c3ee/SearchServiceImages/2024-04-22-13-34-49-055-662667798171a252db379d01.jpg)