CISA and NIST Release New Interagency Resource: Defending Against Software Supply Chain Attacks

Original release date: April 26, 2021A software supply chain attack—such as the recent SolarWinds Orion attack—occurs when a cyber threat actor infiltrates a software vendor’s network and employs malicious code to compromise the software before the vendor sends it to their customers. The compromised software can then further compromise customer data or systems. To help software vendors and customers defend against these attacks, CISA and the National Institute for Standards and Technology (NIST) have released Defending Against Software Supply Chain...