CISA seeks comment on secure-by-design principles

Dec. 22 – The Cybersecurity and Infrastructure Security Agency (CISA) is seeking input on its global initiative to improve software security through changes to software development best practices.

A Request for Information (RFI), released on Wednesday, aims to distill how to most effectively incorporate cyber security into the software development lifecycle.

CISA is most interested in how to eliminate recurring classes of software vulnerabilities, how to incorporate security into higher-education curricula, how to improve security in operational technology (OT) products, and what implementing these practices costs relative to their benefits.

Embracing secure by design

As part of a broader Biden administration effort to make security a core element of software development, CISA has actively promoted secure-by-design principles.

This is a response to the pattern behind many recent intrusions: attackers exploit critical software vulnerabilities that remain exposed, either because customers keep running older software versions or because they never apply emergency security patches. Major companies have been breached through this cycle of vendor advisories and unpatched customer deployments. Secure by design aims to break it by shifting the burden from customers, who must patch and harden, to manufacturers, who are expected to ship products that are secure out of the box.

Critical support

According to a source familiar with the secure-by-design guidelines, software manufacturers have expressed support for them. Nonetheless, CISA is still seeking more formal input.

In early December, IT-ISAC published a whitepaper indicating that cloud and critical SaaS providers have embraced secure-by-default design models.

The hope is for everyone to work towards stronger cyber security outcomes.

For more software security insights, see the following resources:

  • 9 top tips: How to avoid downloading malicious code
  • Log4Shell continues to threaten organizations
  • DevSecOps: Deploying new applications without jeopardizing security