Scribe Security Harnesses Its Software Trust Hub to Support CISA's Secure Software Development Attestation Form

Scribe Security has announced that its customers can now attest to their secure SDLC practices to demonstrate compliance

TEL AVIV, Israel, Oct. 24, 2023 /PRNewswire/ -- Scribe Security, a leading software supply chain security provider, announced today that its solution now enables organizations to validate their commitment to secure Software Development Lifecycle (SDLC) practices in alignment with CISA's Secure Software Development Attestation Form. Scribe's attestation-based platform automatically gathers and authenticates evidence, providing organizations with essential proof of adherence to CISA's stringent security standards and ensuring a safe harbor when signing the CISA Attestation Form.

In an era of stricter regulations and best practices, the onus is on software producers to attest to the integrity of their SDLC practices. This shift in the landscape of software supply chain security necessitates a commitment to rigorous security measures, all while maintaining development efficiency.

Proposed by the DHS, CISA, the Secure Software Development Attestation Form is a vital component of the OMB's M-23-16 memo and a direct outcome of Executive Order 14028 (EO14028). It requires company leadership to endorse compliance with the form's stringent requirements, assuring that they can substantiate their commitment with the appropriate evidence in the event of a software supply chain attack. For many software providers serving the federal government, full compliance is expected as early as 2024.

"Safeguarding software products against cyber threats and vulnerabilities without hindering development speed is critical to almost every organization," says Rubi Arbel, Scribe Security Co-founder and CEO. "Scribe has evolved to be an ideal solution for organizations that need to meet high rigor in securing SDLCs and compliance requirements such as the Secure Software Development Attestation Form."

Scribe generates authenticated evidence throughout the software development lifecycle, enabling organizations to enforce SDLC policies effectively. These attestations are securely stored in a dedicated data lake, ensuring a seamless and continuous mechanism for generating the requisite evidence to meet CISA's Secure Software Development Attestation Form compliance standards.

About Scribe Security

Scribe Security was founded by cybersecurity and cryptography veterans dedicated to delivering a comprehensive software supply chain security solution driven by verifiable evidence. The Scribe Trust Hub, a Software as a Service (SaaS) solution, offers transparency, control, and trust for both software producers and consumers. This evidence-based security hub supports workflows for generating and sharing SBOMs, vulnerabilities, code integrity, SDLC governance, and compliance, enhancing the security and trustworthiness of software products. For more information, visit https://scribesecurity.com/ 

Media Contact:
Lilach Bar-Tal
[email protected] 

SOURCE Scribe Security