The National Security Telecommunications Advisory Committee (NSTAC) has issued a draft report that calls for the White House to form a task force that would help define a public-private initiative focused on key software assurance areas and the software supply chain.
NSTAC, which is composed of industry CEOs advising the president on issues related to the country’s communications infrastructure, said the task force should include workstreams to help carry out the recommendations outlined in the report.
The draft document classifies key findings and recommendations into areas of software assurance, stakeholders and external influencing factors.
For the software assurance aspect, the committee recommends that the U.S. government and industry collaborate on broader adoption of supply chain risk management practices adapted to the modern software ecosystem; improve security and assurance processes for open-source software; and invest in research and development efforts related to software assurance to keep up with advances in computing systems.
The draft document also calls for the government to direct the National Institute of Standards and Technology (NIST) to convene a public-private initiative to enhance harmonization among standards in security assurance.