NSA shares supply chain security tips for software suppliers
NSA, CISA, and the Office of the Director of National Intelligence have shared a new set of suggested practices that software suppliers can follow to secure the supply chain.
"Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. But the supplier also holds a critical responsibility in ensuring the security and integrity of our software," the NSA said on Monday.
"After all, the software vendor is responsible for liaising between the customer and software developer. It is through this relationship that additional security features can be applied via contractual agreements, software releases and updates, notifications and mitigations of vulnerabilities."
The Enduring Security Framework (ESF) will release one more advisory focused on the customer part of the software supply chain lifecycle, after issuing the first chapter in September with guidance for software developers.
You can find the complete guide of recommended practices for suppliers, including security requirements planning and maintaining software security, in today's advisory [PDF].
More evidence that the software supply chain is a popular and constant target came from a Microsoft report published in October 2021.