Embedding Security by Design: The Responsibility We Share

There is a growing demand for software to be secure by design, as cybersecurity breaches continue to pose a threat to individuals and businesses. In response to this need, the US Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with cybersecurity authorities from Australia, Canada, the United Kingdom, Germany, the Netherlands, and New Zealand, have released guidelines aimed at helping software makers “embed security-by-design and by-default.”

These guidelines call on software developers to use threat modeling at the design stage, in order to identify potential security and privacy issues before code is written. However, there are several barriers to achieving this goal, including a lack of technical knowledge and experience among developers, a lack of clarity over where responsibility lies for security at the design stage, and the impracticality of traditional approaches to threat modeling for large-scale software development projects.

To address these barriers, it is crucial for development and security teams to work together closely from the very beginning of the software development process, with threat modeling embedded as a community practice with shared responsibility. Additionally, automation of the threat modeling process can make this task more feasible for large-scale development projects.

One of the biggest challenges facing software developers is the sheer volume and complexity of software architecture, which is transforming every sector of the economy. As a result, developers often feel pressure to get their products to market quickly, and may be incentivized to take shortcuts on security.

Supply chain attacks are also a growing concern, as the increasing complexity of supply chains makes it difficult to predict how different pieces of software will interact. For example, businesses such as Air France, KLM, and Nissan have all been affected by supply chain attacks in the past year.

To address these challenges, secure design should be seen as a fundamental part of software development, with developers and security teams working together from the very beginning of the process to identify and address potential security and privacy issues. By implementing these guidelines and embedding threat modeling as a shared community practice, software developers can help to ensure that their products are secure from the outset, rather than relying on end-of-process security testing tools that may miss more complex flaws in the design of an application.
