There is a growing demand for software to be secure by design, as cybersecurity breaches continue to pose a threat to individuals and businesses. In response to this need, the US Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with cybersecurity authorities from Australia, Canada, the United Kingdom, Germany, the Netherlands, and New Zealand, have released guidelines aimed at supporting software makers to “embed security-by-design and by-default.”
These guidelines call on software developers to use threat modeling at the design stage, in order to identify potential security and privacy issues before code is written. However, there are several barriers to achieving this goal, including a lack of technical knowledge and experience among developers, a lack of clarity over where responsibility lies for security at the design stage, and the impracticality of traditional approaches to threat modeling for large-scale software development projects.
To address these barriers, it is crucial for development and security teams to work together closely from the very beginning of the software development process, with threat modeling embedded as a community practice with shared responsibility. Additionally, automation of the threat modeling process can make this task more feasible for large-scale development projects.
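One way to make design-stage threat modeling both shared and automatable is to describe the design as data (components, trust zones, data flows) and let a script derive candidate STRIDE threats from it, so that the model lives in the repository next to the code and is re-checked on every change. The block below is an added illustration of that idea, not code from the guidance the article discusses; the component model, the rule set and the sample system are all hypothetical, chosen to show how a handful of structural rules (a flow crossing a trust boundary in plaintext, an unauthenticated caller, a privileged process, a store with no audit trail) can be flagged without a security specialist in the room.

```python
"""Threat modeling as code: describe a design as data, derive STRIDE threats.

Added example with a hypothetical model and rule set; not the article's or any
vendor's tooling. Letters: S=Spoofing, T=Tampering, R=Repudiation,
I=Information disclosure, D=Denial of service, E=Elevation of privilege.
"""
from dataclasses import dataclass, field


@dataclass
class Component:
    name: str
    zone: str                   # trust zone, e.g. "internet", "dmz", "internal"
    kind: str = "process"       # "process", "store" or "external"
    privileged: bool = False    # runs as root/admin or with broad cloud permissions
    audit_log: bool = False     # keeps tamper-evident records of who changed what


@dataclass
class Flow:
    src: str
    dst: str
    data: str                   # what travels on this flow
    encrypted: bool = False     # TLS or equivalent on the wire
    authenticated: bool = False # receiver verifies the caller's identity
    rate_limited: bool = False  # throttling/lockout on the entry point


@dataclass
class Model:
    components: dict = field(default_factory=dict)
    flows: list = field(default_factory=list)

    def add(self, c: Component) -> Component:
        self.components[c.name] = c
        return c

    def flow(self, *args, **kwargs) -> Flow:
        f = Flow(*args, **kwargs)
        self.flows.append(f)
        return f


def crosses_boundary(m: Model, f: Flow) -> bool:
    """A flow crosses a trust boundary when its endpoints sit in different zones."""
    return m.components[f.src].zone != m.components[f.dst].zone


def analyze(m: Model) -> list:
    """Return (stride_letter, subject, description) tuples.

    Each rule is a structural 'design smell' a reviewer would otherwise have to
    look for by hand on a whiteboard diagram.
    """
    findings = []
    for f in m.flows:
        where = f"{f.src} -> {f.dst} ({f.data})"
        if not crosses_boundary(m, f):
            continue                     # intra-zone flows are out of scope for these rules
        if not f.encrypted:
            findings.append(("I", where, "plaintext across a trust boundary"))
            findings.append(("T", where, "modifiable in transit across a trust boundary"))
        if not f.authenticated:
            findings.append(("S", where, "caller not authenticated at the boundary"))
        if m.components[f.src].zone == "internet" and not f.rate_limited:
            findings.append(("D", where, "internet-facing entry point without rate limiting"))
    for c in m.components.values():
        if c.kind == "store" and not c.audit_log:
            findings.append(("R", c.name, "data store without audit logging"))
        if c.kind == "process" and c.privileged:
            findings.append(("E", c.name, "process runs with elevated privileges"))
    return findings


def stride_counts(findings: list) -> dict:
    """Count findings per STRIDE letter; handy for a CI gate or a trend chart."""
    counts = {}
    for letter, _, _ in findings:
        counts[letter] = counts.get(letter, 0) + 1
    return counts


def demo_model() -> Model:
    """Constructed sample system: a browser talking to an API that uses a
    privileged worker and a database. Purely illustrative."""
    m = Model()
    m.add(Component("browser", "internet", kind="external"))
    m.add(Component("api", "dmz"))
    m.add(Component("worker", "internal", privileged=True))
    m.add(Component("db", "internal", kind="store"))
    m.flow("browser", "api", "login form", encrypted=True)          # no auth yet, no throttling
    m.flow("api", "db", "user records", authenticated=True)          # plaintext DB link
    m.flow("api", "worker", "job requests")                          # plaintext, unauthenticated
    m.flow("worker", "db", "results", authenticated=True)            # same zone: not flagged
    return m


if __name__ == "__main__":
    for letter, subject, text in analyze(demo_model()):
        print(f"[{letter}] {subject}: {text}")
```

Run as a script it lists nine candidate threats for the sample design; in practice the model file would be reviewed in the same pull request as the architecture change, and `stride_counts` feeds a CI check that fails when a new boundary-crossing flow appears without encryption or authentication. The value is not the rules themselves, which are deliberately simple, but that the design question is asked mechanically on every change instead of once, if at all, in a workshop.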
One of the biggest challenges facing software developers is the sheer volume and complexity of the software now being built, as software transforms every sector of the economy. Combined with pressure to get products to market quickly, this gives teams an incentive to take shortcuts on security, and design-stage work is the easiest to skip.
Supply chain attacks are also a growing concern, as the increasing complexity of supply chains makes it difficult to predict how different pieces of software will interact. For example, businesses such as Air France, KLM, and Nissan have all been affected by supply chain attacks in the past year.
To address these challenges, secure design should be seen as a fundamental part of software development, with developers and security teams working together from the very beginning of the process to identify and address potential security and privacy issues. By implementing these guidelines and embedding threat modeling as a shared community practice, software developers can help to ensure that their products are secure from the outset, rather than relying on end-of-process security testing tools, which can find implementation bugs but routinely miss flaws in the design of an application, such as a missing trust boundary or an unauthenticated internal interface.