The Cybersecurity and Infrastructure Security Agency and National Security Agency's Enduring Security Framework working group has unveiled the first of its three-part software supply chain guidance detailing security best practices for software developers, reports SecurityWeek.
"This document will provide guidance in line with industry best practices and principles which software developers are strongly encouraged to reference. These principles include security requirements planning, designing software architecture from a security perspective, adding security features, and maintaining the security of software and the underlying infrastructure," said the group.
The guidance also details actionable guidelines for ensuring a secure software development lifecycle (SDLC), recommending secure SDLC implementation and customization for development teams looking to tailor the process to their needs.
"The top-level organizational management team must ensure secure development policies and procedures are supported within the budget and schedule and are implemented and adhered to by the assigned development teams," said the guidance.