The Center for Internet Security, Inc. and the Software Assurance Forum for Excellence in Code (SAFECode) have released a joint white paper, Secure by Design: A Guide to Assessing Software Security Practices, to help software development organizations meet growing national and international expectations for secure software.
The publication addresses a long-standing gap in cybersecurity: the lack of practical, evaluable, and aligned guidance for building software that is secure by design. It offers actionable steps for developers, end users, and government bodies to assess and improve software security practices across six key areas: secure software design, secure development, secure default configuration, supply chain security, code integrity, and vulnerability remediation.
“Secure by Design is more than a slogan; it’s a responsibility,” said Curtis Dukes, Executive Vice President and General Manager of Security Best Practices at CIS. “This guide gives developers and organizations a clear path to implement secure software practices that are both effective and adaptable across different environments.”
The guide builds on NIST’s Secure Software Development Framework (SSDF) and incorporates SAFECode’s Development Groups (DGs) model to tailor recommendations to organizations of varying maturity levels. It also maps practices to the CIS Critical Security Controls® (CIS Controls®) and identifies responsible roles and artifacts to demonstrate compliance. The paper includes a dedicated section on the security implications of artificial intelligence and machine learning (AI/ML), offering insights into emerging risks and considerations.
“By combining the strengths of CIS, SAFECode, and a community of experts, we’ve created a resource that helps developers move from principles to practice,” said Steve Lipner, Executive Director of SAFECode. “This guide supports risk-based decision-making and helps organizations meet the expectations of initiatives like CISA’s Secure by Design and the EU Cyber Resilience Act.”
The guide responds to the Secure by Design initiative of the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and supports the software security mandates set out in Executive Order 14306, "Sustaining Select Efforts to Strengthen the Nation's Cybersecurity and Amending Executive Order 13694 and Executive Order 14144," as well as the relevant portions of Executive Order 14028.
Organizations adopting the practices outlined in the guide may also benefit from existing state safe harbor provisions and compliance frameworks that recognize the use of the CIS Controls and the NIST SSDF. The guide reinforces the responsibility of software developers to deliver secure systems and gives end users a basis for evaluating software security with confidence.
Source: businesswire