Work item: X.st-ssc
Subject/title: Security threats of software supply chain
Status: Under study [Issued from previous study period]
Approval process: TAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: 2025-04 (Medium priority)
Liaison: ISO/IEC JTC 1/SC 27, ETSI
Supporting members: Korea (Republic of), Malaysia, Ghana, Luxembourg, ETRI, KISA, Soonchunhyang University
Summary:
In recent years there has been a significant increase in the number of cyber attacks resulting from vulnerabilities within the software supply chain, including open-source and closed-source software. These attacks can result in devastating, expensive and long-term ramifications for affected organizations, their supply chains and their customers.
To address these threats, security threats in the software development life cycle need to be identified, along with all related stakeholders. The identified threats can then be used to develop controls in the software development life cycle.
This Recommendation can be used by the many organizations that need to gain confidence or assurance that controls are in place for vulnerabilities associated with the software development life cycle with suppliers.
Comment: -
Reference(s):
Historic references:
Contact(s):
ITU-T A.5 justification(s):
First registration in the WP: 2023-03-06 11:34:51
Last update: 2024-09-18 11:26:48