An Assurance-Based Approach to Minimizing Risks in the Software Supply Chain.

The new report provides actionable recommendations for minimizing the risk of vulnerabilities being inserted into a software product during its sourcing, development and distribution.
Report (PDF, 2.3M): http://safecode.org/wp-content/uploads/2018/01/SAFECode_Software_Integrity_Controls0610.pdf