The recently published NIST SSDF Recommendations can seem intimidating; the good news is that the open source project Sigstore can help you and your team meet many of the recommendations.…
This is the first article in a five-part series on the recently published NIST 800-218 ‘The Secure Software Development Framework (SSDF): Recommendations for Mitigating the Risk of Software Vulnerabilities’ Although the software development lifecycle (SDLC) has been around for a while, few SDLC models explicitly address software security in detail.…