Wind River Achieves Major Product Security Milestone: Attestation to U.S. Government Secure Software Development Practices

Wind River is proud to highlight a significant milestone in our secure software development practices.  In June, we attested to the Cybersecurity and Infrastructure Security Agency (CISA) that our products are securely designed in accordance with the Secure Software Development Framework (SSDF) set by the National Institute of Standards and Technology (NIST).  This is a culmination of Wind River’s longstanding commitment to security and underscores our established reputation for building transparency and customer trust in our software. 

The Regulatory Landscape

Released by CISA in March, the Secure Software Attestation Form requires companies that produce software used by the federal government to attest to their compliance with the SSDF outlined by NIST in Special Publication (SP) 800-218. It is an essential piece of a broader U.S. government effort to fortify the security and integrity of the software supply chain. The requirement derives from the President’s 2021 Executive Order on Improving the Nation’s Cybersecurity (EO 14028) and two subsequent Office of Management and Budget memoranda (M-22-18 and M-23-16).

As a producer of critical software, Wind River met the deadline to submit our attestations to CISA’s Repository for Software Attestations and Artifacts (RSAA) within 90 days of CISA’s release of the form.  Federal agencies can now readily view the software attestations for VxWorks, Helix Virtualization Platform (HVP) Cert, Wind River Linux, Wind River Diab Compiler, and Simics (provided by Intel) through the RSAA platform.

Wind River’s Commitment to Secure Software Development

The submission of Wind River’s SSDF attestations to CISA verifies that we have implemented robust security practices throughout the software development lifecycle, including rigorous threat modeling, secure coding practices, continuous monitoring, and vulnerability assessments. Because we align to the NIST SP 800-218 principles (prepare the organization, protect the software, produce well-secured software, and respond to vulnerabilities) across all our products, all Wind River customers benefit from the assurance that our products have been developed with security at the forefront of our design.

This proactive approach not only enhances the security of Wind River’s products, but also reinforces our reputation as a trusted software provider to customers across industries and emphasizes our unwavering commitment to ensuring that our products meet the highest standards of cyber security and regulatory compliance.

Wind River also provides Secure Software Development Conformance statements to all of our supported customers.  These statements provide customers with supply chain and component assurance that supports their industry-specific integrations, compliances, and certifications across many SDL standards and industries.

For more information about Wind River’s Secure Development Lifecycle, visit our Security Center or read our prior blog posting on the topic.