First there was White House cybersecurity executive order 14028, focused on the security and integrity of the software supply chain. Then there was the National Institute of Standards and Technology (NIST) two-part guidance, Special Publication 800-218 and the Software Supply Chain Security Guidance. Next came White House Office of Management and Budget (OMB) memorandum M-22-18, with the subject line: Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. M-22-18 arrived flush with action items and, most importantly, deadlines—a few of which have already passed, and many of which are approaching at a speedy clip.
And that’s just the U.S. government!
Regulations are coming, and wrangling your open source supply chain will be mandatory in 2023. Don’t worry, though! We’ve got your back.
Join us Thursday, Feb. 16 at 2 p.m. ET when Tidelift CEO and co-founder Donald Fischer details all these rules, regulations, and, most importantly, impending deadlines. He’s read all the documents we’ve listed above so you don’t have to—and he has some ideas on how to meet these deadlines.