US security agency, the National Security Agency (NSA), has released new software supply chain guidance to help developers avoid cyberattacks targeting proprietary and open-source software.
The new guidance is meant to help US private and public sector organizations defend themselves against supply chain attacks, including the one Russian Foreign Intelligence Service (SVR) hackers deployed against SolarWinds and its customers.
“Recent cyberattacks such as those executed against SolarWinds and its customers, and exploits that take advantage of vulnerabilities such as Log4j, highlight weaknesses within software supply chains, an issue which spans both commercial and open source software and impacts both private and government enterprises,” the NSA says in its guidance.
