Josh (https://infosec.exchange/@joshbressers) and Kurt (https://infosec.exchange/@kurtseifried) talk about the new SSDF attestation form from CISA. The current form isn't very complicated, and the SSDF has a lot of room for interpretation. But this is the start of something big. It's going to take a long time to see big changes in supply chain security, but we're confident they will come.

Show Notes

- Secure Software Development Attestation Form: https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form
- The U.S. Military Is Missing Six Nuclear Weapons: https://nationalinterest.org/blog/reboot/us-military-missing-six-nuclear-weapons-180032
- NIST 800-218: https://csrc.nist.gov/pubs/sp/800/218/final

Open Source Security Podcast

Josh Bressers & Kurt Seifried

Episode 421 - CISA's new SSDF attestation form

MAR 25, 2024, 41 MIN
