Security News > 2022 > November > NSA on Supply Chain Security
Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment.
The supplier also holds a critical responsibility in ensuring the security and integrity of our software.
The software vendor is responsible for liaising between the customer and software developer.
It is through this relationship that additional security features can be applied via contractual agreements, software releases and updates, notifications and mitigations of vulnerabilities.
Software suppliers will find guidance from NSA and our partners on preparing organizations by defining software security checks, protecting software, producing well-secured software, and responding to vulnerabilities on a continuous basis.
Until all stakeholders seek to mitigate concerns specific to their area of responsibility, the software supply chain cycle will be vulnerable and at risk for potential compromise.
News URL
https://www.schneier.com/blog/archives/2022/11/nsa-on-supply-chain-security.html