How the NIST Secure Software Development Framework impacts open source software

Over the last two years, the U.S. government has been extremely active developing strategies and policies with the intent of improving cybersecurity for our government and for our nation’s citizens and businesses. 

At Tidelift, we’ve focused on helping organizations that use open source to build applications understand how these new initiatives will impact their work (you can get caught up on our coverage at our government open source cybersecurity resource center).

Here’s a quick summary: 

• May 2021: the White House issued Executive Order 14028 on improving our nation’s cybersecurity, which set in motion many of the efforts that followed.
• February 2022: as directed by the Executive Order, the National Institute of Standards and Technology (NIST) published NIST Secure Software Development Framework (SSDF), SP 800-218 and the NIST Software Supply Chain Security Guidance.

Join us Tuesday, April 18 at 2 p.m. ET when Lauren Hanford, Tidelift VP of product, and Kanish Sharma sit down to discuss the NIST Secure Software Development Framework and share ways organizations can actually follow its guidance, specifically highlighting considerations for the open source software on which all modern software is built.