Does your organization sell software to the U.S. government? The U.S. government has announced a new requirement mandating that its software suppliers self-attest that they follow the secure software development practices outlined in the NIST Secure Software Development Framework (SSDF).
Compliance dates are approaching (likely Q4 2023 for critical software and Q1 2024 for all other software), and organizations that do not meet compliance deadlines may risk losing valuable government contracts.
Tidelift is the only source for first-party attestation data from the maintainers behind thousands of open source packages that go into your software, aligned to the U.S. government’s NIST Secure Software Development Framework (SSDF) standards. In addition, we provide: