Software supply chain risk management (SCRM) has been a topic of discussion across the Energy industry since FERC first indicated its intent to update the Supply Chain Risk Management regulations with a forthcoming order, Docket RM24-4-000. An open meeting was held on March 20 at FERC to discuss FERC's SCRM concerns with vendor attestations in detail. FERC may want to consider the good work underway at NASA, GSA and the recommendations in Executive Order 14144 to address software assurance through effective cyber supply chain risk management best practices
Now the Department of Defense has also announced plans to implement programs to ensure that the DoD is acquiring and using trustworthy software products - Click Ream More below for details.