Created by the Enduring Security Framework (ESF), a cross-sector working group seeking to mitigate the risks threatening the critical infrastructure and national security, the guidance provides recommendations for developers, suppliers, and organizations.

In September, the three US agencies released the first part of the series, which included recommendations for developers looking to improve the software supply chain’s security.

The second part of the series, Securing the Software Supply Chain: Recommended Practices Guide for Suppliers (PDF), contains information on the best practices and standards that software supplies should adopt to ensure software security from production through delivery.