
Published on September 5th, 2022


Cybersecurity Experts Welcome NSA/CISA Best Practices For Software Supply



The best practices shared by the NSA and CISA lay comprehensive groundwork for organisations across the software supply chain to achieve the requirements established by President Biden’s 2021 Executive Order on cybersecurity. They represent a meaningful step in the right direction, even if they are arguably very high level.

The clear through-line in this guidance is that tooling and automation are critical for securing the software supply chain. If it hasn’t been hammered home enough, organisations must develop programs around secure supply chains, as well as software bills of materials (SBOMs) and software composition analysis (SCA). That’s not to say the guidance is perfect, because there are still holes to fill, such as advocating for a secure repository over SCA through a continuous testing model.





Overall, the recommendations offer comprehensive guidance to developers on software supply chain security. Clearly, there is a great deal of momentum behind software supply chain security at the moment, and a lot of best practice has been shared by government bodies and industry alike. Now, it is up to organisations and the wider developer community to put best practice into practice.
