NCCoE Announces Technology Collaborators for Software Supply Chain and DevOps Security Practices Project

NIST | NCCoE

The National Cybersecurity Center of Excellence (NCCoE) will be joined by the following technology collaborators in the Software Supply Chain and DevOps Security Practices Project: 

  • Black Duck  
  • Dell Technologies  
  • DigiCert  
  • Endor Labs  
  • GitLab  
  • Google  
  • IBM  
  • Microsoft  
  • Scribe Security  

These collaborators will work with the NCCoE Project Team, focusing on developing an applied risk-based approach and recommendations for secure DevOps and software supply chain practices. The project provides implementation guidance for the NIST SP 800-218 Secure Software Development Framework (SSDF). The project will apply these DevSecOps practices to proof-of-concept use-case scenarios, which can help organizations identify, assess, and mitigate cybersecurity risks posed by the software supply chain. 

Each of these organizations responded to a notice in the Federal Register to submit capabilities that aligned with desired solution characteristics for the project. The accepted collaborators were extended a Cooperative Research and Development Agreement (CRADA), enabling them to participate in a consortium in which they will contribute expertise and hardware or software to help refine a reference design and build example solutions. 

To learn more about this project, visit the Software Supply Chain and DevOps Security Practices project page.

To receive news and information about our progress, please join the Community of Interest. 
