Scribe Security, a leader in software supply chain security and continuous assurance, is proud to announce its participation in the U.S. National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) DevSecOps project: “Secure Software Development, Security, and Operations (DevSecOps) Practices”
This major initiative, detailed here, aims to demonstrate how organizations can integrate secure software development practices and comply with key industry frameworks, such as NIST SP 800-218 (SSDF), within DevSecOps workflows. The project brings together industry leaders and technology providers to build practical, open, and standards-based reference architectures that can be replicated across the public and private sectors.
Scribe Security is contributing its expertise and platform capabilities, including SBOM management, continuous security attestation, and SDLC policy-as-code enforcement, to help shape the guidance that will soon be published by NIST. This work supports organizations in addressing evolving regulatory mandates (e.g., EO 14028, FedRAMP, CRA, FDA, PCI-DSS 4.0) while strengthening the trust, transparency, and resilience of their software development pipelines.
“We’re honored to collaborate with NIST and the NCCoE in defining and operationalizing secure software development practices that will have a lasting impact on the industry,” said Danny Nebenzahl, CTO of Scribe Security. “At Scribe, we believe that continuous code assurance, powered by signed evidence, automation of SDLC governance and compliance into DevOps toolchains, and intelligent AI-agentic AppSec and DevSecOps workflows, is the key to building secure-by-design software at scale.”
The results of this collaborative project will be published in a NIST Special Publication, helping DevSecOps practitioners and product security teams across industries adopt real-world solutions for software integrity, vulnerability management, and compliance.
Also Read: Containerized Network Functions (CNFs) for Agile WAN Deployment at the Enterprise Edge
[To share your insights with us, please write to psen@itechseries.com ]
