CISA, the US Cybersecurity and Infrastructure Security Agency, announced that its proposed guidance for secure software development is now open for public comment and review.
The public can provide feedback on the self-attestation form for secure software development for a 60-day period. The form requires providers of software for the government to confirm that security practices have been put in place.
The form applies to software produced after September 14, 2022, to software-as-a-service products, to various other software that has received code changes, and to existing software when major changes occur.
If a software producer does not provide a completed self-attestation form, federal agencies are required to obtain documentation.
Minimum requirements include secure development environments, maintaining provenance data for all code, automated vulnerability checks, and efforts to maintain trusted source code supply chains.