NIST publishes guidance for securing software use, vendor source code testing

Building on its “critical software” work mandated by President Biden’s May executive order on securing government networks, the National Institute of Standards and Technology on Friday published guidance focused on critical software use and minimum standards for vendors to test their software source code.

The new critical software use publication provides more details on NIST’s definition of critical software released on June 26. NIST consulted with the Cybersecurity and Infrastructure Security Agency and the White House Office of Management...