Once seen as only tangential to cybersecurity planning, software security has recently emerged as a top priority for policymakers, businesses, and users around the world. As our collective understanding of cybersecurity has grown, we have come to recognize the central role secure design and development plays in protecting the software that powers our world. Unfortunately, software security discussions have long been hampered by inconsistent terminology, lack of clarity around best practices, and a sense that only the most technically inclined could ever really make sense of the process. A new software development framework from NIST is poised to change all that.
Much like it did with its Cybersecurity Framework, NIST has brought together what we have learned about software security over the past two decades and created a secure software development framework (SSDF) that can get us all talking from the same playbook. The framework builds on SAFECode’s publications on secure development best practices, the BSA Framework for Secure Software, and other industry contributions to deliver a core set of high-level secure software development practices that help ensure that software is secure by design. Software producers who follow these practices can reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to achieve continuous improvement of software security. Software consumers can use the framework to confidently build their security requirements and apply them as applicable to their software acquisition processes.
To learn more about this webinar (agenda, link to register, etc.), please visit the NIST National Cybersecurity Center of Excellence (NCCoE) website:
https://www.nccoe.nist.gov/events/de-mystifying-secure-software-development-webinar
Starts: June 23, 2020 - 11:00 AM EDT
Ends: June 23, 2020 - 01:00 PM EDT
Format: Virtual Type: Webinar
Attendance Type: Open to public
Audience Type: Industry,Government,Academia,Other
Security and Privacy: acquisition, digital signatures, encryption, risk management, systems security engineering
Technologies: software & firmware
Applications: cybersecurity framework