White House releases post-SolarWinds federal software security requirements

Agencies will require software vendors to self-certify that they’re following secure development practices under new White House guidance, but it leaves the door open for departments to mandate third-party security assessments as well. The new guidance from the Office of Management and Budget, “Enhancing the Security of the Software Supply Chain through Secure Software Development Practices,” stems from last year’s cybersecurity executive order.