“The focus should be on what manufacturers are doing to keep their customers safe, not the damage attackers might be inflicting” – Bob Lord, CISA. Abiding by this principle while delivering quality products to customers is what “secure by design” demands.
A recent article discussed how to apply “secure by design” and highlighted the mandate by several nations to make it compulsory during implementation. Technology companies need to prove they are incorporating security into their products with detailed data and logs! A great start! The article also outlines several steps that product teams need to consider to make “secure by design” a reality.
Last month, CISA issued updated guidance on software security. The guidance document details the principles and the recommended practices associated with each. While it will be mandated for software development in the CISA-partnered countries, it would be great to see more countries join the mandate and implement the principles in their own territories.
Secure by design is not just a checklist; like many other best practices, it is a mindset. The key is to educate engineers and foster an environment of security knowledge so that they carry this mindset into developing and testing software. Security is an important pillar of software quality, and so it cannot be ignored during development or during the post-development testing and deployment phases.
I’ll be writing more specific blogs in the future on the various topics covered in the ‘secure by design’ guidelines, accompanied by best practices and to-do guides specific to operating systems, programming languages, and industries/domains. I hope you will keep engaging with me as I deliver these articles. If your organisation is looking for software quality consulting, feel free to get in touch with me.
Let’s build better software!