Process to Verify Software Was Built Securely Begins Today

Published: 23/11/2024   Category: security




The US government launched a self-attestation form asking software developers to affirm their software was developed securely. Compliance starts today for software used in critical infrastructure.



Starting June 11 (today), US government contractors providing software that is considered part of the critical infrastructure will need to fill out a form asserting that their software followed secure-by-design principles and that every component was under their scrutiny, documented in a software bill of materials (SBOM). The Cybersecurity and Infrastructure Security Agency (CISA) published the Secure Software Development Attestation Form back in March, though a recent survey conducted at RSA Conference by supply chain security management company Lineaje suggested that many vendors are not ready.

When asked whether they were prepared to meet the deadline for federal cybersecurity attestation, only about 20% of respondents said they were, Lineaje said. Even worse, only 16% said their company had incorporated SBOMs into software development, a key part of compliance.

In May 2021, in the wake of the widely publicized SolarWinds supply chain compromise (the Log4j vulnerability disclosed later that year would reinforce the point), US President Joe Biden put government contractors on notice that they needed to start meeting tougher standards for cybersecurity practices. President Biden's Executive Order on Improving the Nation's Cybersecurity (EO 14028) set a roadmap for making the US government more secure by making its systems, and all the software on them, traceable and auditable.

That resulted in the Secure Software Development Attestation Form, which a CEO or authorized designee must sign to swear that their company consistently follows a set of practices derived from NIST's Secure Software Development Framework (SSDF), including maintaining provenance of all components and operating a vulnerability disclosure and reporting program. The form is available for download as a fillable PDF or as an online form through the Repository for Software Attestations and Artifacts (RSAA) portal.

For all other software, that is, software not deemed critical, vendors don't have to start self-attestation until Sept. 11.
