CISA issues draft attestation form for government software providers
Industry vendors have until June 26 to comment on the provisional document.
Advertisement
software bill of materials (SBOM)
Software bills of material face long road to adoption
Cybersecurity leaders agree on the need for a standardized recipe list for software, but implementing an effective compliance regime remains a challenge.
OMB to hold listening session with industry on software security self-attestation
National Security Council official Steve Kelly says the White House is targeting a January launch for new self-attestation requirements.
Software supply chain amendment omitted from NDAA text
The now-excised section 6722 was earlier criticized by industry as “vague” and “internally inconsistent.”
Why the US government will require software vendors to certify the security of their products
A new White House memo on software supply chain security goes some way to addressing tech industry concerns about the use of third-party cybersecurity assessors.
Advertisement
DHS board: No one used software inventories to find vulnerable Log4j deployments
Many in government and industry want software bills of materials to be the development compliance standard.
DHS seeks automated SBOM tools for enhanced supply chain visibility
Contractors have called for the software bill of materials to become a universal standard for secure development compliance.
OMB guidance presents chance to standardize software bill of materials
Practical deadlines for vendors and a concrete process for using the information SBOMs contain at agencies are needed, security experts say.
CISA expects most agencies to be deploying endpoint detection by FY23
Officials touted the agency's success as civilian cyber operational lead, during a House hearing Tuesday.
Industry seeks consensus on government’s secure software compliance process
Companies want clarification from government over what specific artifacts and metadata it wants to assess.
Advertisement