Amid a feverish cybersecurity environment, there is a growing chorus for software to be secure by design. In April, the US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), aligned with the cybersecurity authorities of Australia, Canada, the United Kingdom, Germany, the Netherlands, and New Zealand to create guidelines aimed at supporting software manufacturers to "embed security-by-design and by-default."
In this new paper, the agencies call on software makers to deploy threat modeling at the design stage. These guidelines follow fast on the news that the US government will legislate to introduce liability for software makers to secure the products they manufacture.
All software developers want to build secure software, so why is it so difficult to do, what does effective security by design look like, and what needs to change to embed it in the software development process?
The Challenge
The sheer prevalence of cybersecurity breaches is evidence of the huge challenge faced by developers trying to build secure software. Striving to get their products to market quickly, software manufacturers are incentivized to take shortcuts on security. And the challenge of designing secure software is becoming more difficult as software architecture grows in complexity, with every sector of the economy being transformed by software. The recent intention of the White House to hold vendors accountable for poor software security could be seen as an attempt to correct the current market incentives.
This is especially the ..
Support the originator by clicking the read the rest link below.
