Fri. Aug 12th, 2022

    Press Announcement

    BSA Releases First-of-Its-Kind Framework for Secure Software

    A flexible and holistic approach to guide and assess software security

    As malicious actors increasingly target vulnerabilities in software to attack critical networks and systems, software security has emerged as an urgent priority. Software developers, their customers, and policymakers need tools to describe, assess, and encourage security across the entire software lifecycle, from its development to the end of its life. While some standards and guidelines exist, there is no holistic framework that articulates best practices in a way that can be specifically described and effectively measured across diverse development environments, software types, and coding languages — until now.

    BSA | The Software Alliance today [April 30, 2019] announces the release of the BSA Framework for Secure Software to fill one of the most significant gaps in cybersecurity policy. The Framework tackles complex security challenges through an adaptable and outcome-focused approach that is risk-based, cost-effective, and repeatable. The Framework describes baseline security outcomes across the software development process, the software lifecycle management process, and the security capabilities of the software itself.

    “BSA’s Framework is the first to offer a holistic approach to software security for software companies, their customers, and policymakers,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “To effectively secure the digital ecosystem, we need a way to evaluate software security that is meaningful enough to protect software against malicious exploitation and flexible enough to consider all of software’s nuanced types and characteristics. Otherwise we risk disrupting innovation or failing to keep pace with rising cybersecurity threats.”

    “From botnets commandeering IoT devices to sophisticated nation-state cyberattacks, software vulnerabilities are often the key entry point for hackers. Software security has long been a critical gap in securing the Internet ecosystem, and the BSA software security framework represents an important contribution. It gives developers and policymakers alike a tool to guide software assurance activities and strengthen cybersecurity throughout our increasingly software-centric economy,” said Senator Mark Warner (D-VA), Co-Chair and Founder of the Senate Cybersecurity Caucus.

    “Secure software is essential to further developing AI, conquering 5G and building Internet of Things devices that will improve and enhance nearly every aspect of our society, economy and our day-to-day lives. The BSA Framework for Secure Software is an important step that will help ensure we are building our bright future with security in mind, not as an afterthought,” said Congressman Will Hurd (R-TX-23).

    “BSA is to be commended for creating a Software Security Framework that integrates technical, policy, management, and risk considerations in a form that will be useful to development organizations across a wide range of sizes and technologies. SAFECode and its members are happy to have worked with BSA during the development of the Framework and we’re very pleased with the end result. We strongly encourage organizations to consider adoption of the Framework,” said Steve Lipner, Executive Director of SAFECode.

    “During my time as Illinois Attorney General, I regularly saw what happens when hackers exploit software vulnerabilities. For consumers, it means breaches that enable the theft of their financial data, health data, and sensitive, personal data. In the aftermath, consumers too often face the long-lasting damage of identity theft. Government and industry must do more to limit software vulnerabilities by proactively working to address cybersecurity challenges. The BSA Software Security Framework represents a needed step forward and is the type of response we should be seeing from the software industry,” said Lisa Madigan, Attorney General of Illinois, 2003-2019.

    “BSA deserves a lot of credit for its hard work on software security best practices. The Framework is a major contribution and should spur a serious dialogue on best practices with government and other parts of the industry,” said Stewart Baker, Partner, Steptoe & Johnson LLP.

    The Framework is intended to help software development organizations:

    1. Describe the current state of software security in individual software products;
    2. Describe the target state of the software security in individual software products;
    3. Identify and prioritize opportunities for improvement in development and lifecycle management processes;
    4. Assess progress toward the target state; and
    5. Communicate among internal and external stakeholders about software security and security risks.

    The Framework is intended to be relevant to all types of software, from installed programs to Software-as-a-Service, as well as all types of development processes, from waterfall to DevOps. As innovations continue to drive rapid evolution of software practices, the Framework is intended to remain a living document, to be updated and improved based on ongoing feedback and technical developments.

    Explore the full BSA Framework for Secure Software here.

    Read the complete release at BSA Releases First-of-Its-Kind Framework for Secure Software


    Source: ComplexDiscovery

     
