CISA, NSA issue guidance on securing open source software through development process

CISA and the National Security Agency are providing guidance through the Enduring Security Framework on the software development process and considerations for open source software.

The paper focuses on open source software and Software Bill of Materials with the aim to “help continue to foster communication between the different roles and among cybersecurity professionals that may facilitate increased resiliency and security in the software supply chain process.”

“Organizations that include OSS in the development of their products are encouraged...