Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, the National Security Agency (NSA) and cybersecurity authorities in Australia, Canada, the United Kingdom, Germany, the Netherlands and New Zealand have released new guidance urging software manufacturers to take the necessary steps to ship products that are designed to be secure “out of the box”.
The guidance, a report titled “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default,” aims to “encourage every technology manufacturer to build its products so that customers don’t have to constantly perform monitoring, routine updates and damage mitigation on their systems.”
It also outlines steps organizations can take to implement secure-by-design and secure-by-default approaches, which are critical to minimizing vulnerabilities and bugs before they are released to market, so that software remains resistant to abuse by threat actors.
“Building security into the design process is not only good practice, it is also very effective in reducing software errors before they reach the consumer. The challenge, however, is for organizations to adopt these practices without impacting the business, as this process takes time and requires resources that can impact the bottom line,” said Ray Kelly, fellow at Synopsys Software Integrity Group.
The report comes less than a year after the EU Cyber Resilience Act, which aimed to codify a cybersecurity framework for hardware and software manufacturers to improve the security of products during the design and development phase.
Both the Cyber Resilience Act and the new guidelines from CISA emphasize that there is an industry-wide shift from placing the security burden on end-user organizations and customers to making software vendors more transparent and responsible for the level of bugs and vulnerabilities in released products.