Published by the National Institute of Standards and Technology (NIST), the so-called Secure Software Development Framework (SSDF) is a “special publication” (800-218) containing recommendations for mitigating the risk of software security flaws. Created in the wake of the infamous SolarWinds attacks, the documentation should theoretically help US federal agencies, software developers and vendors to deploy a more secure and trustworthy supply chain in the United States.