I covered a call yesterday afternoon, in which ONCD has been working with CISA on a "product security baseline" document, describing flaws that pose unacceptable risk in software development. CISA developed and drafted the document and plans to put it through interagency review. While this document is broader than open source software, ONCD felt that the interagency SCRM audience would have valuable perspectives to add to the document before it goes through formal review. This aligns with both the "Secure By Design" and overall C-SCRM (Cybersecurity - Supply Chain Risk Management) initiatives, but will be intended as optional guidance (for now).
As an FYI, I've been posting all SCRM meeting minutes here: https://drive.google.com/drive/folders/1lQcyxxOW12CMdDzSSp-AHrCC5tR_WvAS?usp=drive_link in case anyone wants to get more up to speed on the topic.