Feds, npm Issue Supply Chain Security Guidance to Avert Another SolarWinds

Published: 23/11/2024   Category: security




The US government and the Open Source Security Foundation have released guidance to shore up software supply chain security, and now it's up to developers to act.



Lessons learned from the SolarWinds software supply chain attack were translated into concrete guidance this week when the US Cybersecurity and Infrastructure Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) released a joint best practices framework for developers to avoid future supply chain attacks.

Besides the US government's recommendations, developers also received npm Best Practices from the Open Source Security Foundation, to establish open source best practices for supply chain security.

"The developer holds a critical responsibility to the security of our software," the agencies said about the publication, titled Securing the Software Supply Chain for Developers. "As ESF examined the events that led up to the SolarWinds attack, it was clear that investment was needed in creating a set of best practices that focused on the needs of the software developer."

OpenSSF's announcement, meanwhile, noted that the npm code repository has grown to include 2.1 million packages.

Developers like Michael Burch, director of application security for Security Journey, applaud the industry's proactive approach, but Burch adds that it's now up to the cybersecurity sector to put these guidelines into action, particularly a recommendation for the implementation of software bills of materials (SBOMs).

"What we need now is the AppSec community to come together on the back of this guidance, and create a standard format and implementation for SBOMs to boost software supply chain security," Burch said.
