CISA, NSA and partners release new guidance on securing the software supply chain
Today, CISA, the National Security Agency (NSA) and partners released Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption. Developed through the Enduring Security Framework (ESF), this guidance provides software developers and vendors with industry best practices and principles, including the management of open source software and software bills of materials (SBOMs), to maintain and provide awareness of the security of software.
Organizations can use this guidance to assess and measure their security practices across the software lifecycle; the proposed practices can be applied across the acquisition, implementation and operations phases of a software supply chain.
CISA encourages cybersecurity defenders to review this guidance and speak with their software vendors about implementing its recommendations.