
Special Report

C-SCRM and Supply Chain Security Guidance

Learn about the Cyber Supply Chain Risk Management office — and all orders and federal guidance on the software supply chain

Thought Leadership


How C-SCRM could fill the gaps on supply chain security

Matt Rose explains how the new CISA office could make a big difference — and even lead to a new discipline dedicated to software supply chain security.

Read Post



Less talk, more action: High hopes for CISA's C-SCRM software supply chain security office

CISA's C-SCRM office turns a page on a busy 2022 for federal supply chain directives and guidance. Ericka Chickowski asks top experts if it will move the needle.

Read Analysis



C-SCRM: Much-needed definition for supply chain policy, processes

In this episode, Matt shares why CISA's new Cyber Supply Chain Risk Management (C-SCRM) office — which will help to operationalize both industry and government efforts on software supply chain security — is key to maturity.
See Explainer



C-SCRM: We’re from the government — and we’re here to help with software supply chain security

Supply chain risk management guidance is incoming, like it or not. Richi Jennings rounds up initial reactions in Secure Software Blogwatch.

Read Blogwatch

News Analysis


Enduring Security Framework guidelines: A roadmap for the post-SolarWinds world

New federal guidance codifies lessons from the SolarWinds hack, including for securing third-party code and development pipelines. A software bill of materials (SBOM) is central. Paul Roberts reports four key takeaways.
Read Report

Federal Mandates


New supply chain mandates: Uncle Sam wants you (to secure your software)!

Paul Roberts reports on the key elements of Executive Order 14028 and the software supply chain security guidance from the Enduring Security Framework working group.
Read Report

Guidance Timeline


A timeline of federal guidance on software supply chain security

The U.S. federal government has been busy crafting policy around software security, which includes mandates for government vendors. Carolynn van Arsdale rounds up the major ones your team should pay attention to.

See Timeline

Special Report Package

The State of Software Supply Chain Security 2022-23


Understand the major software supply chain security trends from 2022 — and what lies ahead in 2023. Download our full report, see the Webinar, and learn more.
See Report