Chris DeRusha, the federal chief information security officer, said the Office of Management and Budget plans to release new guidance intended to help agencies pursue secure software development.
The guidance, scheduled for release within the next eight to 12 weeks, will build on a Secure Software Development Framework and the Software Supply Chain Security Guidance, which the National Institute of Standards and Technology issued last month, Federal News Network reported Thursday.
DeRusha said Wednesday at a NIST-hosted workshop that adopting the framework would foster a culture change in agencies and some vendor organizations.
“This is about incenting the vendor communities that are serving and selling to the U.S. government to start adopting this framework and specifically secure development practices,” stated DeRusha, who is also a 2021 Wash100 Award.
