The National Institute of Standards and Technology issued a special publication on integrating the security of software development life cycles into continuous integration/continuous delivery pipelines of organizations’ cloud-native applications.
SP 800-204D aims to support DevSecOps and defend organizations’ software supply chain against cyber attacks and defects resulting from due diligence gaps, NIST said Monday.
The special publication is based on a roadmap combining different expert input and policies including Executive Order 14028 and NIST’s Secure Software Development Framework.
The new document, which was authored by representatives from NIST, Purdue University and cybersecurity firm TestifySec, was prompted by recent attacks affecting the software development life cycle.
