CISA supply-chain task force seeks members for vendor 'attestation' working group

A Cybersecurity and Infrastructure Security Agency task force on securing the supply chain for information and communications technology is seeking members for a new working group to examine how vendors can “self attest” to the security of their products, according to participants at a MITRE- hosted meeting on software and supply-chain security.

The CISA task force is seeking “volunteers” for the working group that will develop recommendations for a “model or template” allowing vendors to describe their supply-chain risk management...