Seventeen cybersecurity and defense agencies from different countries joined the U.S. Cybersecurity and Infrastructure Security Agency in updating a guidance on the implementation of secure-by-design principles in software development.
The joint guidance was revised based on input from individuals, nonprofit organizations and industry members working to bolster manufacturers’ commitment to creating products that defend consumers against malicious activity, CISA said Monday.
The document was first released in April 2023 and backed by FBI, National Security Agency and authorities representing Australia, Canada, Germany, Netherlands, New Zealand and the United Kingdom. It discusses how software vendors can use their products’ security features to gain competitive edge and encourage customers to ask for secure-by-design-made systems.
The new version includes recommendations from government agencies in the Czech Republic, Israel, Japan, Korea, Norway and Singapore. It also contains insights from the Network of Government Cyber Incident Response Teams of the Member States of the Organization of American States.
“Thanks to the feedback of hundreds of partners, we have revised this guidance to focus even more on how companies can demonstrate their commitment to secure by design principles,” CISA Director Jen Easterly remarked.
“To achieve the National Cybersecurity Strategy’s goal of rebalancing the responsibility in cyberspace, customers need to be able to demand more from their vendors – and this joint guidance gives them the tools to do exactly that,” added Easterly, a 2023 Wash100 awardee.
Distinguished public and private sector speakers will shine a light on cyber and other aspects of national security at the Potomac Officers Club’s 2023 Homeland Security Summit. Register now to participate in the Nov. 15 event.
