The National Security Agency and the Cybersecurity and Infrastructure Agency’s latest guidance offers software developers and suppliers a set of recommendations on how to securely source and store open source software, as open source tech use has skyrocketed in the last few years.
The new document from the Enduring Security Framework (ESF) Software Supply Chain Working Group focuses on open source software adoption and on what to consider when introducing an open source component into an existing environment. The guidance also covers best practices for managing Software Bills of Materials (SBOMs).