Supplier Assessment
PW.4.4: Verify that acquired commercial, open-source, and all other third-party software components comply with the requirements, as defined by the organization, throughout their life cycles.
  • Example 1: Regularly check whether there are publicly known vulnerabilities in the software modules and services that vendors have not yet fixed.
  • Example 2: Build into the toolchain automatic detection of known vulnerabilities in software components.
  • Example 3: Use existing results from commercial services for vetting the software modules and services.
  • Example 4: Ensure that each software component is still actively maintained and has not reached end of life; this should include new vulnerabilities found in the software being remediated.
  • Example 5: Determine a plan of action for each software component that is no longer being maintained or will not be available in the near future.
  • Example 6: Confirm the integrity of software components through digital signatures or other mechanisms.
  • Example 7: Review, analyze, and/or test code. See PW.7.1, PW.7.2, PW.8.1 and PW.8.2.
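As an added illustration (not SAMMY's, NIST's or any vendor's code), the following Python script runs three of the checks listed above over a constructed component inventory: integrity against a pinned digest (Example 6, using a SHA-256 digest comparison as a stand-in for full signature verification), unfixed known vulnerabilities (Example 1) and end-of-life status (Example 4). Every component name, digest, date and advisory identifier in it is a placeholder.

```python
"""Minimal PW.4.4 component-compliance check (added example, constructed data)."""
import hashlib
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional


@dataclass
class Component:
    name: str
    version: str
    artifact: bytes            # bytes actually pulled into the build
    pinned_sha256: str         # digest recorded when the component was approved
    eol: Optional[date]        # vendor end-of-life date, if one is announced
    open_advisories: List[str] = field(default_factory=list)  # unfixed, affecting this version


def assess(c: Component, today: date) -> List[str]:
    """Return the PW.4.4 findings for one component; an empty list means compliant."""
    findings: List[str] = []
    # Example 6: the artifact in use must be the one that was approved.
    if hashlib.sha256(c.artifact).hexdigest() != c.pinned_sha256:
        findings.append("integrity: digest does not match the approved artifact")
    # Example 1: publicly known vulnerabilities the vendor has not yet fixed.
    if c.open_advisories:
        findings.append("vulnerability: unfixed advisories " + ", ".join(c.open_advisories))
    # Example 4: the component must still be maintained.
    if c.eol is not None and c.eol <= today:
        findings.append(f"lifecycle: end of life since {c.eol.isoformat()}")
    return findings


def assess_inventory(components: List[Component], today: date) -> Dict[str, List[str]]:
    """Map each component name to its findings so a pipeline can fail on any non-empty list."""
    return {c.name: assess(c, today) for c in components}


# Constructed inventory: one compliant, one vulnerable and end-of-life, one tampered.
GOOD = b"approved artifact bytes (constructed)"
GOOD_DIGEST = hashlib.sha256(GOOD).hexdigest()
INVENTORY = [
    Component("libparse", "2.3.1", GOOD, GOOD_DIGEST, date(2027, 1, 1)),
    Component("oldcrypto", "0.9", GOOD, GOOD_DIGEST, date(2023, 6, 30), ["ADV-PLACEHOLDER-1"]),
    Component("tampered", "1.0", b"modified bytes", GOOD_DIGEST, None),
]

if __name__ == "__main__":
    for name, findings in assess_inventory(INVENTORY, date(2024, 1, 1)).items():
        print(name, "OK" if not findings else findings)
```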
CMMI Maturity
Not Applicable - Not applicable
Level 1: Initial - Unpredictable and reactive. Work gets completed but is often delayed and over budget.
Level 2: Managed - Managed on the project level. Projects are planned, performed, measured, and controlled.
Level 3: Defined - Proactive, rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.
Level 4: Quantitatively Managed - Measured and controlled. Organization is data-driven with quantitative performance improvement objectives that are predictable and align to meet the needs of internal and external stakeholders.
Level 5: Optimized - Stable and flexible. Organization is focused on continuous improvement and is built to pivot and respond to opportunity and change. The organization’s stability provides a platform for agility and innovation.