Group releases recs for improving software security

Share this article:

A task force of the National Cyber Security Partnership on Thursday released its initial recommendations for boosting software security, including patch management guidelines, improved education for software developers, and incentives.

The 123-page report comes about two weeks after two other task forces of the NCSP, a coalition of business and technology groups, released recommendations for improving cybersecurity awareness and early warning.

The task force, called "Improving Security Across the Software Development Lifecycle," suggests developing best practices that put security at the core of the software design process, adopting guiding principals for patch management to ensure patches are tested and easy to install and remove, and improving the education of software developers through the creation of a software security certification accreditation program and other efforts.

The group's recommendations for incentives include a suggestion that deviates from the market-driven approach NCSP has called for with regards to cybersecurity. The group suggests that the Department of Homeland Security and its National Cyber Security Division examine "whether tailored government action is necessary to increase security across the software development lifecycle."

While market forces and business needs are improving software security, the report states, "it is possible that national security or critical infrastructure protection may require a greater level of security than the market will provide."

Any such gap "should be filled by appropriate and tailored government action that interferes with market innovation on security as little as possible," the group notes.

The task force was co-chaired by Scott Charney and Ron Moritz, chief security strategists at Microsoft and Computer Associates, respectively. Other members included representatives from universities, vendors, and consultants.

www.cyberpartnership.org

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Beazley: employee errors root of most data breaches, but malware incidents cost ...

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Apple issues seven updates, fixes more than 40 vulnerabilities in iOS 8, OS 10.9.5

Apple issues seven updates, fixes more than 40 ...

In one of its infrequent "Update Surprisedays," Apple plugged holes, boosted security and added features.

Canadian telecom co. Telus unveils first transparency report

The company received more than 100,000 government requests for customer data last year.