
Software supply chain guidance issued by feds

The Cybersecurity and Infrastructure Security Agency and National Security Agency's Enduring Security Framework working group has unveiled the first part of its three-part software supply chain guidance, which details security best practices for software developers, reports SecurityWeek. "This document will provide guidance in line with industry best practices and principles which software developers are strongly encouraged to reference. These principles include security requirements planning, designing software architecture from a security perspective, adding security features, and maintaining the security of software and the underlying infrastructure," said the group. Actionable guidelines for ensuring a secure software development lifecycle have also been detailed, with secure SDLC implementation and customization recommended for development teams looking to tailor the process based on their needs. "The top-level organizational management team must ensure secure development policies and procedures are supported within the budget and schedule and are implemented and adhered to by the assigned development teams," said the guidance.
