The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance this week following the compromise of the SolarWinds software that affected thousands of entities across the United States and beyond. The guidance took the form of a primer for companies, explaining the nature of the software supply chain and the various access points where supply chain vulnerabilities exist. It concludes with concrete recommendations for both vendors and their customers with discussion on the Secure Software Development Framework (SSDF) and Cyber Supply Chain Risk Management (C-SCRM).
To read this article in full, please click here
Support the originator by clicking the read the rest link below.
