Wind River Achieves SSDF Security Milestones — and Why It Matters

In support of Wind River’s commitment to building and delivering secure, trustworthy software, the company is proud to announce that eLxr Pro, Wind River Studio Developer, and Wind River Private Cloud Suite all achieved Full Secure Software Development Framework (#SSDF) conformance.
https://www.windriver.com/blog/Wind-River-Achieves-SSDF-Security-Milestones

NIST SSDF 1.2 shifts focus from "write secure code" to "operate secure software" across the full SDLC—recognizing AppSec as a journey, not a destination.
https://jpmellojr.blogspot.com/2026/01/ssdf-12-recognizes-appsec-is-journey.html
#NIST #SSDF #AppSec #DevSecOps

The FAR Council is poised to update software contracts: machine-readable SSDF attestations, compliance artifacts, & more. Get the lowdown on the 2025 Cybersecurity EO & how to prepare. ➡️ https://anchore.com/blog/2025-cybersecurity-executive-order/

#SSDF #Compliance #SoftwareSupplyChainSecurity

What the 2025 Cybersecurity Executive Order Means for You

Find out what software providers and federal agencies need to know about the new 2025 Executive Order on Cybersecurity, plus next steps for achieving compliance.

Anchore

New EO, new rules: CISA will validate SSDF claims & can refer false attestations to the DOJ. Don't get caught out! Learn what the 2025 Cybersecurity EO means for agencies & vendors in our new blog. ➡️ https://anchore.com/blog/2025-cybersecurity-executive-order/

#SSDF #Compliance #SoftwareSupplyChainSecurity

The 2025 Cybersecurity EO is here—no more easy self-attestations! Vendors face stricter SSDF verification, legal risks, & new contract terms. Are you ready? Get the full scoop in our latest blog. ➡️ https://anchore.com/blog/2025-cybersecurity-executive-order/

#SSDF #Compliance #SoftwareSupplyChainSecurity

A last-minute executive order puts more force behind #CISA #softwaresupplychain and #cybersecurity requirements for federal suppliers.

"This is their saving throw, to use a Dungeons & Dragons term -- if you get a critical hit from the dragon, you can still roll a D20 [dice] to survive. This is their chance to roll a saving throw and do what we needed at the time we first said we needed it." ~ Joshua Corman

#securesoftwaredevelopment #cybersecurity #executiveorder #softwaresecurity #SSDF #CISA #NIST #compliance #governance

https://www.techtarget.com/searchitoperations/news/366618234/Biden-order-gives-CISA-software-supply-chain-teeth

Biden order gives CISA software supply chain 'teeth'

The outgoing administration makes a Hail Mary attempt to salvage work it began in 2021 to require specific software supply chain security information from software suppliers.

TechTarget

We just dropped our 2024 top blog roundup! FedRAMP & SSDF Attestation got major attention. If you sell to the U.S. gov, these insights will help you navigate timelines, meet requirements, and earn that trust badge.

➡️ https://anchore.com/blog/the-top-ten-list-the-2024-anchore-blog/

#FedRAMP #SSDF #Compliance

The Top Ten List: The 2024 Anchore Blog

Learn about software supply chain security, DevSecOps and compliance as the Top Content team at Anchore counts down the Top 10 blogs of 2024.

Anchore

Stay compliant with federal software security requirements! Automate #SSDF controls with #AnchoreEnterprise's #NIST 800-218 policy pack. 💡 ➡️ https://anchore.com/nist-compliance-and-ssdf-attestation/

#Compliance #SSDFAttestation

NIST & SSDF Compliance

Explore how Anchore Federal automates security and compliance checks to meet NIST standards and SSDF attestation.

Anchore

In my experience, #SSDF in the enterprise looks like two things:

1️⃣ more consultants
2️⃣ more checklists

Non-technical staff asking technical staff to produce a lot of documentation that, when done, did not improve the quality or security of the software.

My colleague Scott Fryer gave a talk at this year's @EclipseFdn's #EclipseCon on #Adoptium's secure development practices, what we've done and what we're going to do going forward. It covers #SLSA, #SSDF, #SBoM, binary #reproducibleBuilds and keeping a heterogeneous #openSource project's infrastructure secure with #Wazuh.

If some of those buzzwords have piqued your interest (or you want to know what they are), check out his video: https://www.youtube.com/watch?v=mpEKUnX84UQ
#secureDev #CycloneDX

Secure Development at Eclipse Adoptium

YouTube