Once seen as only peripheral to cybersecurity planning, software security has recently emerged as a top priority for policymakers, businesses, and users around the world, said officials from the National Institute of Standards and Technology.
As the collective understanding of cybersecurity has grown, organizations have come to recognize the central role secure design and development plays in protecting the software that powers the information technology infrastructure the world relies on. Unfortunately, software security discussions have been hampered by inconsistent terminology, lack of clarity around best practices, and a sense that only the most technically inclined could ever really make sense of the process, NIST said in a release. However, a new software development framework from NIST is poised to change all that.
Much like it did with its Cybersecurity Framework, NIST has brought together what it has learned about software security over the past 20 years and created a secure software development framework (SSDF) that can get everyone talking from the same playbook. The framework builds on SAFECode’s publications on secure development best practices, the BSA Framework for Secure Software, and other industry contributions to deliver a core set of high-level secure software development practices that help ensure that software is secure by design.
Software producers who follow these practices can reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to achieve continuous improvement of software security. Software consumers can use the framework to confidently build their security requirements and apply them as applicable to their software acquisition processes.
The webinar is hosted by NIST’s National Cybersecurity Center of Excellence (NCCoE).
Please register here to join BSA and SAFECode along with government and industry panelists in a virtual roundtable discussion on Tuesday, June 23 from 11 a.m. to 1 p.m. to learn about the SSDF and hear about its practical applications for product developers, public and private sector customers, and the future of product certifications and labeling.
Questions about this session should be directed to BSA’s Tommy Ross (firstname.lastname@example.org) or SAFECode’s Steve Lipner (email@example.com).