Group releases recs for improving software security

Share this article:

A task force of the National Cyber Security Partnership on Thursday released its initial recommendations for boosting software security, including patch management guidelines, improved education for software developers, and incentives.

The 123-page report comes about two weeks after two other task forces of the NCSP, a coalition of business and technology groups, released recommendations for improving cybersecurity awareness and early warning.

The task force, called "Improving Security Across the Software Development Lifecycle," suggests developing best practices that put security at the core of the software design process, adopting guiding principals for patch management to ensure patches are tested and easy to install and remove, and improving the education of software developers through the creation of a software security certification accreditation program and other efforts.

The group's recommendations for incentives include a suggestion that deviates from the market-driven approach NCSP has called for with regards to cybersecurity. The group suggests that the Department of Homeland Security and its National Cyber Security Division examine "whether tailored government action is necessary to increase security across the software development lifecycle."

While market forces and business needs are improving software security, the report states, "it is possible that national security or critical infrastructure protection may require a greater level of security than the market will provide."

Any such gap "should be filled by appropriate and tailored government action that interferes with market innovation on security as little as possible," the group notes.

The task force was co-chaired by Scott Charney and Ron Moritz, chief security strategists at Microsoft and Computer Associates, respectively. Other members included representatives from universities, vendors, and consultants.

www.cyberpartnership.org

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.