CISA, NSA and industry outline security responsibilities of software suppliers

From fcw.com

Software suppliers have unique responsibilities maintaining efficient delivery of their products while considering security risks, according to guidance the National Security Agency recently released, together with the Cybersecurity and Infrastructure Security Agency.

“Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components and harden the build environment,” reads an Oct. 31 press release from NSA. “But the supplier also holds a critical responsibility in ensuring the security and integrity of our software. After all, the software vendor is responsible for liaising between the customer and software developer. It is through this relationship that additional security features can be applied via contractual agreements, software releases and updates, notifications and mitigations of vulnerabilities.”

Read more…