Thank you for downloading our whitepaper, “How US Government ISVs Can Quickly Verify CISA Attestation”.
Our whitepaper covers:
- Development Environment Security: developer desktops, code repositories, and CI/CD systems must be protected by security controls that ensure code is developed, checked in and out, and built in a manner that minimizes risk.
- Software Supply Chain Security: implement controls to ensure the security and integrity of open source and other third-party software.
- Code and Artifact Provenance: create and maintain provenance in order to validate that software artifacts have been sourced and built securely.
- Vulnerability Remediation: identify, disclose, and remediate vulnerabilities in a timely manner depending on risk level.