From bleepingcomputer.com
The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released tips today on securing the software supply chain.
This guidance is designed by the Enduring Security Framework (ESF)—a public-private partnership that works to address threats to U.S. critical infrastructure and national security systems—to serve as a collection of suggested practices for software developers.
“Securing the Software Supply Chain for Developers was created to help developers achieve security through industry and government-evaluated recommendations,” the Department of Defense’s intelligence agency said.