Feds, npm Issue Supply Chain Security Guidance to Avert Another SolarWinds

  /     /     /  
Publicated : 23/11/2024   Category : security

Feds, npm Issue Supply Chain Security Guidance to Avert Another SolarWinds


The US government and the Open Source Security Foundation have released guidance to shore up software supply chain security, and now its up to developers to act.


Lessons learned from the SolarWinds software supply chain attack were translated into concrete guidance this week when the US Cybersecurity and Infrastructure Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) released a joint best practices framework for developers to avoid future supply chain attacks.
Besides the US governments recommendations, developers also received
npm Best Practices
from the Open Source Security Foundation, to establish supply chain security open source best practices.
The developer holds a critical responsibility to the security of our software, the agencies said about the publication, titled
Securing the Software Supply Chain for Developers
. As ESF examined the events that led up the
SolarWinds attack
, it was clear that investment was needed in creating a set of best practices that focused on the needs of the software developer.
OpenSSFs announcement, meanwhile, noted that the npm code repository has grown to include 2.1 million packages.
Developers like Michael Burch, director of application security for Security Journey, applaud the industrys proactive approach, but Burch adds that its now up to the cybersecurity sector to put these guidelines into action, particularly a recommendation for the implementation of
software bills of materials (SBOMs)
.
What we need now is the AppSec community to come together on the back of this guidance, and create a standard format and implementation for SBOMs to boost software supply chain security, Burch said.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Feds, npm Issue Supply Chain Security Guidance to Avert Another SolarWinds