Hi All,
The NSA and CISA just published "Securing the Software Supply Chain: Recommended Practices for Managing Open-Source Software and Software Bill of Materials".
This document recommends seven areas of improvement related to software development and OSS. These areas are designed to allow an organization to mature its software development process, and although there are many tools that can be used, no tool will be promoted over another. The seven areas are:
Open-Source Selection Criteria,
Risk assessment,
Licensing,
Export control,
Maintenance,
Vulnerability response, and
Secure Software and SBOM Delivery.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------