HomeCII/OTEmbedding Security by Design: The Responsibility We Share

Embedding Security by Design: The Responsibility We Share

Published on

spot_img

There is a growing demand for software to be secure by design, as cybersecurity breaches continue to pose a threat to individuals and businesses. In response to this need, the US Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with cybersecurity authorities from Australia, Canada, the United Kingdom, Germany, the Netherlands, and New Zealand, have released guidelines aimed at supporting software makers to “embed security-by-design and by-default.”

These guidelines call on software developers to use threat modeling at the design stage, in order to identify potential security and privacy issues before code is written. However, there are several barriers to achieving this goal, including a lack of technical knowledge and experience among developers, a lack of clarity over where responsibility lies for security at the design stage, and the impracticality of traditional approaches to threat modeling for large-scale software development projects.

To address these barriers, it is crucial for development and security teams to work together closely from the very beginning of the software development process, with threat modeling embedded as a community practice with shared responsibility. Additionally, automation of the threat modeling process can make this task more feasible for large-scale development projects.

One of the biggest challenges facing software developers is the sheer volume and complexity of software architecture, which is transforming every sector of the economy. As a result, developers often feel pressure to get their products to market quickly, and may be incentivized to take shortcuts on security.

Supply chain attacks are also a growing concern, as the increasing complexity of supply chains makes it difficult to predict how different pieces of software will interact. For example, businesses such as Air France, KLM, and Nissan have all been affected by supply chain attacks in the past year.

To address these challenges, secure design should be seen as a fundamental part of software development, with developers and security teams working together from the very beginning of the process to identify and address potential security and privacy issues. By implementing these guidelines and embedding threat modeling as a shared community practice, software developers can help to ensure that their products are secure from the outset, rather than relying on end-of-process security testing tools that may miss more complex flaws in the design of an application.

Source link

Latest articles

Phishing for Beginners: Forg365 Reduces Barriers to M365 Account Takeovers

Recent developments in cybercrime have given rise to a new service that is raising...

The AI Supply Chain: A New Unguarded Attack Surface

Consuming AI: Inheriting Hidden Risks In a rapidly digitizing world, organizations are increasingly turning to...

Google Dialogflow CX Rogue Agent Flaw Resolved

A recently discovered severe security vulnerability in Google's Dialogflow CX, known as "Rogue Agent,"...

Frontier AI and Identity Security in Financial Services Webinar

Paul Leonhirth: A Visionary in the Financial Services Sector Paul Leonhirth serves as the Global...

More like this

Phishing for Beginners: Forg365 Reduces Barriers to M365 Account Takeovers

Recent developments in cybercrime have given rise to a new service that is raising...

The AI Supply Chain: A New Unguarded Attack Surface

Consuming AI: Inheriting Hidden Risks In a rapidly digitizing world, organizations are increasingly turning to...

Google Dialogflow CX Rogue Agent Flaw Resolved

A recently discovered severe security vulnerability in Google's Dialogflow CX, known as "Rogue Agent,"...