Group releases recs for improving software security

Share this article:

A task force of the National Cyber Security Partnership on Thursday released its initial recommendations for boosting software security, including patch management guidelines, improved education for software developers, and incentives.

The 123-page report comes about two weeks after two other task forces of the NCSP, a coalition of business and technology groups, released recommendations for improving cybersecurity awareness and early warning.

The task force, called "Improving Security Across the Software Development Lifecycle," suggests developing best practices that put security at the core of the software design process, adopting guiding principals for patch management to ensure patches are tested and easy to install and remove, and improving the education of software developers through the creation of a software security certification accreditation program and other efforts.

The group's recommendations for incentives include a suggestion that deviates from the market-driven approach NCSP has called for with regards to cybersecurity. The group suggests that the Department of Homeland Security and its National Cyber Security Division examine "whether tailored government action is necessary to increase security across the software development lifecycle."

While market forces and business needs are improving software security, the report states, "it is possible that national security or critical infrastructure protection may require a greater level of security than the market will provide."

Any such gap "should be filled by appropriate and tailored government action that interferes with market innovation on security as little as possible," the group notes.

The task force was co-chaired by Scott Charney and Ron Moritz, chief security strategists at Microsoft and Computer Associates, respectively. Other members included representatives from universities, vendors, and consultants.

www.cyberpartnership.org

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.