Experts Say CISA's Software Attestation Form Lacks Key Parts

Form Does Not Include Mandates for Memory-Safe Programming Requirements, SBOMs
Experts told ISMG a final version of the Cybersecurity and Infrastructure Security Agency's self-attestation form for federal software providers takes bold steps to ensure new technologies are made with "secure by design" principles but lacks critical components that should come in future versions.

agency attestation cisa components critical cybersecurity design experts federal future infrastructure infrastructure security key memory parts principles programming requirements safe security software technologies version