A new type of supply chain attack is emerging, where vulnerabilities in third-party software can compromise a larger network of users. The NIST has introduced the Secure Software Development Framework, which outlines 40 best practice controls to enhance security in software development. Organizations providing software to U.S. government agencies must attest to meeting these standards, ensuring they have plans in place to address any deficiencies.
