diff --git a/windows/security/threat-protection/intelligence/supply-chain-malware.md b/windows/security/threat-protection/intelligence/supply-chain-malware.md index 82d2b453d7..38333fd918 100644 --- a/windows/security/threat-protection/intelligence/supply-chain-malware.md +++ b/windows/security/threat-protection/intelligence/supply-chain-malware.md @@ -48,15 +48,15 @@ To learn more about supply chain attacks, read this blog post called [attack inc ### For software vendors and developers -* Take steps to ensure your apps are not compromised. - -* Maintain a secure and up-to-date infrastructure. Restrict access to critical build systems. +* Maintain a highly secure build and update infrastructure. * Immediately apply security patches for OS and software. - + * Implement mandatory integrity controls to ensure only trusted tools run. * Require multi-factor authentication for admins. - -* Build secure software update processes as part of the software development lifecycle. - +* Build secure software updaters as part of the software development lifecycle. + * Require SSL for update channels and implement certificate pinning. + * Sign everything, including configuration files, scripts, XML files, and packages. + * Check for digital signatures, and don’t let the software updater accept generic input and commands. * Develop an incident response process for supply chain attacks. + * Disclose supply chain incidents and notify customers with accurate and timely information For more general tips on protecting your systems and devices, see [prevent malware infection](prevent-malware-infection.md). \ No newline at end of file
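Review bot: In the added sub-bullet "Require SSL for update channels and implement certificate pinning", "SSL" names a deprecated protocol family; write "TLS" so the guidance matches what an update channel should negotiate today. The rewrite also deletes "Restrict access to critical build systems" without an equivalent: the new sub-bullets under "Maintain a highly secure build and update infrastructure" cover patching, integrity controls and multi-factor authentication, but none states access restriction for build systems explicitly, so consider keeping it as a fourth sub-bullet. The clause "don't let the software updater accept generic input and commands" is hard to act on as worded; say what the updater should accept instead, for example only content whose signature it has verified. Two style points: the last added bullet, "Disclose supply chain incidents and notify customers with accurate and timely information", has no terminal period while its siblings do, and the file still ends without a trailing newline.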