NIST advisors debating the merits of OMB’s policy on software vendors’ “self-attestation” to secure development practices found common ground on a need for audits and testing.
Article Link: Agencies Shouldn’t 'Just Trust' Software Vendors' Security Assurances, IG Warns - Nextgov