The Cybersecurity and Infrastructure Security Agency, the Office of the Director of National Intelligence and the National Security Agency have jointly published a recommended security practices guide intended for software suppliers.
The document, titled “Securing the Software Supply Chain: Recommended Practices Guide for Suppliers,” outlines suggested procedures for software security checks and vulnerability response and management, the NSA said Monday.
NSA said that software suppliers act as a link between customers and developers and must implement additional security features to eliminate vulnerabilities.
The guidance was developed through the Enduring Security Framework, a public-private partnership that develops guidelines for securing U.S. critical infrastructure and improving national security.
The guide is the second part of a three-part joint publication series from ESF. The partnership released a version of the guidance for software developers in September and will unveil an edition for software customers in the future.