Short Excerpt of exec summary. Key issues
Securing the Software Supply Chain: Recommended Practices for Developers
Executive Summary From CISA.GOV
Cyberattacks are conducted via cyberspace and target an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment or infrastructure; or destroying the integrity of the data or stealing controlled information.[1]

Recent cyberattacks such as those executed against SolarWinds and its customers, and exploits that take advantage of vulnerabilities such as Log4j, highlight weaknesses within software supply chains, an issue which spans both commercial and open source software and impacts both private and Government enterprises. Accordingly, there is an increased need for software supply chain security awareness and cognizance regarding the potential for software supply chains to be weaponized by nation state adversaries using similar tactics, techniques, and procedures (TTPs).

In response, the White House released an Executive Order on Improving the Nation’s Cybersecurity (EO 14028). EO 14028 establishes new requirements to secure the federal government’s software supply chain. These requirements involve systematic reviews, process improvements, and security standards for both software suppliers and developers, in addition to customers who acquire software for the Federal Government.

Similarly, the Enduring Security Framework[2] (ESF) Software Supply Chain Working Panel has established this guidance to serve as a compendium of suggested practices for developers, suppliers, and customer stakeholders to help ensure a more secure software supply chain. This guidance is organized into a three part series: Part 1 of the series focuses on software developers ... (Much more at link)