The National Institute of Standards and Technology has asked organizations to submit letters of interest to participate in a project that seeks to create and document an applied risk-based approach and recommendations for software supply chain and secure DevOps practices.
The Software Supply Chain and DevOps Security Practices project is designed to help organizations maintain the volume and velocity of software delivery via a cloud-native strategy and leverage automated platforms, according to a Federal Register notice posted Monday.
The notice serves as the first step for the National Cybersecurity Center of Excellence to work with technology companies through a cooperative research and development agreement to address challenges related to DevOps and software supply chain security.
The project also aims to demonstrate the use of existing and emerging secure development practices, tools and frameworks to address cybersecurity challenges.
According to the notice, letters of interest should include commercially available capabilities and components, including developer endpoints, network/infrastructure devices, services and applications, build systems, distribution/delivery platforms and production systems that host apps.
“Collaborative activities will commence as soon as enough completed and signed letters of interest have been returned to address all the necessary components and capabilities, but no earlier than June 14, 2023,” the notice reads.