The US National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have released joint guidance for software suppliers that provides a new set of cybersecurity practices to help organizations secure their supply chains.
“The software supplier (vendor) is responsible for liaising between the customer and software developer. Accordingly, vendor responsibilities include ensuring the integrity and security of software via contractual agreements, software releases and updates, notifications, and mitigations of vulnerabilities,” the guide notes.
The agencies also released best practices for developers to help them achieve security through industry and government-evaluated recommendations.
Earlier this week, CISA published a guide with recommendations on how to prevent or reduce the impact of distributed denial-of-service (DDoS) attacks.