Group releases recs for improving software security

Share this article:

A task force of the National Cyber Security Partnership on Thursday released its initial recommendations for boosting software security, including patch management guidelines, improved education for software developers, and incentives.

The 123-page report comes about two weeks after two other task forces of the NCSP, a coalition of business and technology groups, released recommendations for improving cybersecurity awareness and early warning.

The task force, called "Improving Security Across the Software Development Lifecycle," suggests developing best practices that put security at the core of the software design process, adopting guiding principals for patch management to ensure patches are tested and easy to install and remove, and improving the education of software developers through the creation of a software security certification accreditation program and other efforts.

The group's recommendations for incentives include a suggestion that deviates from the market-driven approach NCSP has called for with regards to cybersecurity. The group suggests that the Department of Homeland Security and its National Cyber Security Division examine "whether tailored government action is necessary to increase security across the software development lifecycle."

While market forces and business needs are improving software security, the report states, "it is possible that national security or critical infrastructure protection may require a greater level of security than the market will provide."

Any such gap "should be filled by appropriate and tailored government action that interferes with market innovation on security as little as possible," the group notes.

The task force was co-chaired by Scott Charney and Ron Moritz, chief security strategists at Microsoft and Computer Associates, respectively. Other members included representatives from universities, vendors, and consultants.

www.cyberpartnership.org

Share this article:

Sign up to our newsletters

More in News

Firefox 32 feature could cut undetected malware downloads 'in half'

Mozilla plans to introduce a feature in Firefox 32 that, based on preliminary testing, could cut the amount of undetected malware downloads in half.

EFF asks court to find NSA internet spying a violation of Fourth Amendment

EFF asks court to find NSA internet spying ...

Complete with a colorful graphic, the EFF showed a federal court how the NSA essentially runs a digital dragnet that can pick up innocent Americans.

Study: Asian Android users at higher risk of malware exposure

Cheetah Mobile's new study showed that Asian Android users have a two to three times greater risk of downloading malware onto their devices.