Federal CI/CD security guidance: Been there, done that
Malware Analysis, News and Indicators - Latest topics malware.news
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) are telling development organizations to tighten up the security of their development pipelines or face the risk of damaging software supply chain attacks.
The two federal agencies issued a Cybersecurity Information Sheet (PDF link below) late last month that provides recommendations for securing CI/CD (continuous integration/continuous delivery) systems.
“The CI/CD pipeline is a distinct and separate attack surface from other segments of the software supply chain. …