CISA-NSA publication explores considerations for customers in securing software supply chain

CISA and the National Security Agency have released a guide focused on the customer’s role in securing the software supply chain, capping off a three-part series developed in response to the SolarWinds hack.

The guide is a work product from the Enduring Security Framework, a public-private working group led by CISA and the NSA with stakeholders from the communications, information technology and defense sectors. The first two publications in the series looked at considerations for software developers and...