Story excerpt provided by Federal News Network
Agencies will require software vendors to self-certify that they’re following secure development practices under new White House guidance, but it leaves the door open for departments to mandate third-party security assessments as well.
The new guidance from the Office of Management and Budget, “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices,” stems from last year’s cybersecurity executive order.
It applies to agencies’ use of third-party software, in turn affecting the vast array of contractors and software producers in the federal procurement ecosystem.
Originally published on Sept. 14, 2022.