NSA and CISA share tips to secure the software supply chain
The U.S. National Security Agency and the Cybersecurity and Infrastructure Security Agency have released tips today on securing the software supply chain.
"Securing the Software Supply Chain for Developers was created to help developers achieve security through industry and government-evaluated recommendations," the Department of Defense's intelligence agency said.
"Developers will find helpful guidance from NSA and partners on developing secure code, verifying third party components, hardening the build environment, and delivering the code. Until all DevOps are DevSecOps, the software development lifecycle will be at risk."
The ESF will release two more advisories coinciding with the software supply chain lifecycle; those two parts of the series will focus on software suppliers and customers.
The guidance was released after recent high-profile cyber attacks, like the SolarWinds hack, highlighted weaknesses in the software supply chain that nation-state-backed threat groups can easily exploit.
Microsoft's findings demonstrated the software supply chain had become an increasingly popular target for threat actors since it allows them to compromise a single product and impact numerous downstream companies that use it.