Definitive timeline: Federal guidance on software supply chain security
With major software supply chain attacks including the SUNBURST compromise of SolarWinds in 2020 and the critical Log4Shell vulnerability (CVE-2021-44228) in the widely used Log4j logging library in 2021, software security moved front and center for risk managers and software teams alike. These incidents, along with a string of other attacks that span the past few decades, show the problem is only getting worse as bad actors target an increasingly complex process for building software — and the software development toolchain itself.
The problem has accelerated dramatically in the past three years, with software supply chain threats delivered via open-source repositories skyrocketing by 1300% between 2020 and 2023, catching security teams off guard. Nearly nine out of 10 security and IT professionals surveyed in a 2023 study said that their companies had detected security issues in their software supply chains in the previous 12 months.
The problem of software supply chain security has also caught the attention of the U.S. federal government, which has been very active over the past few years in seeking to tackle the problem head on. Those efforts include the White House's Executive Order on Improving the Nation's Cybersecurity (EO 14028), released in May 2021, and a flurry of other critical initiatives and guidance that have followed, including CISA's Secure by Design initiative in 2023.
Here is a definitive timeline of the U.S.’s major software supply chain policy initiatives and mandates:
*** This is a Security Bloggers Network syndicated blog from ReversingLabs Blog authored by Carolynn van Arsdale. Read the original post at: https://www.reversinglabs.com/blog/timeline-of-federal-guidance-on-software-supply-chain-security