https://community.isc2.org/t5/Industry-News/Securing-the-Software-Supply-Chain/m-p/64401#M6493 <P>Hi All</P><P>&nbsp;</P><P>Today, CISA, the National Security Agency (NSA), and partners released <A title="Recommended Practices for Software Bill of Materials Consumption" href="https://media.defense.gov/2023/Nov/09/2003338086/-1/-1/0/SECURING%20THE%20SOFTWARE%20SUPPLY%20CHAIN%20RECOMMENDED%20PRACTICES%20FOR%20SOFTWARE%20BILL%20OF%20MATERIALS%20CONSUMPTION.PDF" target="_blank">Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption</A>. Developed through the Enduring Security Framework (ESF), this guidance provides software developers and suppliers with industry best practices and principles, including managing open source software and software bills of materials (SBOM), to maintain and provide awareness about the security of software.</P><P>&nbsp;</P><P><A href="https://www.cisa.gov/news-events/alerts/2023/11/09/cisa-nsa-and-partners-release-new-guidance-securing-software-supply-chain" target="_blank">https://www.cisa.gov/news-events/alerts/2023/11/09/cisa-nsa-and-partners-release-new-guidance-securing-software-supply-chain</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Thu, 09 Nov 2023 20:32:06 GMT Caute_cautim 2023-11-09T20:32:06Z https://community.isc2.org/t5/Industry-News/Securing-the-Software-Supply-Chain/m-p/64401#M6493 <P>Hi All</P><P>&nbsp;</P><P>Today, CISA, the National Security Agency (NSA), and partners released <A title="Recommended Practices for Software Bill of Materials Consumption" href="https://media.defense.gov/2023/Nov/09/2003338086/-1/-1/0/SECURING%20THE%20SOFTWARE%20SUPPLY%20CHAIN%20RECOMMENDED%20PRACTICES%20FOR%20SOFTWARE%20BILL%20OF%20MATERIALS%20CONSUMPTION.PDF" target="_blank">Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption</A>. Developed through the Enduring Security Framework (ESF), this guidance provides software developers and suppliers with industry best practices and principles, including managing open source software and software bills of materials (SBOM), to maintain and provide awareness about the security of software.</P><P>&nbsp;</P><P><A href="https://www.cisa.gov/news-events/alerts/2023/11/09/cisa-nsa-and-partners-release-new-guidance-securing-software-supply-chain" target="_blank">https://www.cisa.gov/news-events/alerts/2023/11/09/cisa-nsa-and-partners-release-new-guidance-securing-software-supply-chain</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Thu, 09 Nov 2023 20:32:06 GMT https://community.isc2.org/t5/Industry-News/Securing-the-Software-Supply-Chain/m-p/64401#M6493 Caute_cautim 2023-11-09T20:32:06Z https://community.isc2.org/t5/Industry-News/Securing-the-Software-Supply-Chain/m-p/64406#M6495 Good document - however I wonder what the high scores will be on the Vulnerability Exchange(VEX)?<BR /><BR />One year old, two year old will anyone go three years and above asserting not vulnerable? Thu, 09 Nov 2023 23:57:45 GMT https://community.isc2.org/t5/Industry-News/Securing-the-Software-Supply-Chain/m-p/64406#M6495 Early_Adopter 2023-11-09T23:57:45Z https://community.isc2.org/t5/Industry-News/Securing-the-Software-Supply-Chain/m-p/77342#M7386 Mon, 24 Feb 2025 16:23:16 GMT https://community.isc2.org/t5/Industry-News/Securing-the-Software-Supply-Chain/m-p/77342#M7386 Moiz 2025-02-24T16:23:16Z