CISA issues guidance on defending against software supply chain attacks

The Cybersecurity and Infrastructure Security Agency (CISA) issued guidance this week following the compromise of the SolarWinds software, which affected thousands of entities across the United States and beyond. The guidance takes the form of a primer for companies, explaining the nature of the software supply chain and the various access points where supply chain vulnerabilities exist. It concludes with concrete recommendations for both vendors and their customers, along with a discussion of the Secure Software Development Framework (SSDF) and Cyber Supply Chain Risk Management (C-SCRM).