Securing the Software Supply Chain: Recommended Practices Guide for Suppliers and accompanying Fact Sheet

Supported by CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence, the Enduring Security Framework Working Group (a cross-sector, public-private working group) developed a three-part series for securing the software supply chain. This second guide for suppliers (i.e., vendors) was developed to help organizations define software security checks, protect software, produce well-secured software, and respond to vulnerabilities on a continuous basis.