Sun. Sep 25th, 2022
    en flag
    fr flag
    de flag
    pt flag
    es flag

    Press Announcement

    BSA Releases First-of-Its-Kind Framework for Secure Software

    A flexible and holistic approach to guide and assess software security

    As malicious actors increasingly target vulnerabilities in software to attack critical networks and systems, software security has emerged as an urgent priority. Software developers, their customers, and policymakers need tools to describe, assess, and encourage security across the entire software lifecycle, from its development to the end of its life. While some standards and guidelines exist, there is no holistic framework that articulates best practices in a way that can be specifically described and effectively measured across diverse development environments, software types, and coding languages — until now.

    BSA | The Software Alliance today [April 30, 2019] announces the release of the BSA Framework for Secure Software to fill one of the most significant gaps in cybersecurity policy. The Framework tackles complex security challenges through an adaptable and outcome-focused approach that is risk-based, cost-effective, and repeatable. The Framework describes baseline security outcomes across the software development process, the software lifecycle management process, and the security capabilities of the software itself.

    “BSA’s Framework is the first to offer a holistic approach to software security for software companies, their customers, and policymakers,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “To effectively secure the digital ecosystem, we need a way to evaluate software security that is meaningful enough to protect software against malicious exploitation and flexible enough to consider all of software’s nuanced types and characteristics. Otherwise we risk disrupting innovation or failing to keep pace with rising cybersecurity threats.”

    “From botnets commandeering IoT devices to sophisticated nation-state cyberattacks, software vulnerabilities are often the key entry point for hackers. Software security has long been a critical gap in securing the Internet ecosystem, and the BSA software security framework represents an important contribution. It gives developers and policymakers alike a tool to guide software assurance activities and strengthen cybersecurity throughout our increasingly software-centric economy,” said Senator Mark Warner (D-VA), Co-Chair and Founder of the Senate Cybersecurity Caucus.

    ““Secure software is essential to further developing AI, conquering 5G and building Internet of Things devices that will improve and enhance nearly every aspect of our society, economy and our day-to-day lives. The BSA Framework for Secure Software is an important step that will help ensure we are building our bright future with security in mind, not as an afterthought,” said Congressman Will Hurd (R-TX-23).

    “BSA is to be commended for creating a Software Security Framework that integrates technical, policy, management, and risk considerations in a form that will be useful to development organizations across a wide range of sizes and technologies. SAFECode and its members are happy to have worked with BSA during the development of the Framework and we’re very pleased with the end result. We strongly encourage organizations to consider adoption of the Framework,” said Steve Lipner, Executive Director of SAFECode.

    “During my time as Illinois Attorney General, I regularly saw what happens when hackers exploit software vulnerabilities. For consumers, it means breaches that enable the theft of their financial data, health data, and sensitive, personal data. In the aftermath, consumers too often face the long-lasting damage of identity theft. Government and industry must do more to limit software vulnerabilities by proactively working to address cybersecurity challenges. The BSA Software Security Framework represents a needed step forward and is the type of response we should be seeing from the software industry,” said Lisa Madigan, Attorney General of Illinois, 2003-2019.

    “BSA deserves a lot of credit for its hard work on software security best practices. The Framework is a major contribution and should spur a serious dialogue on best practices with government and other parts of the industry,” said Stewart Baker, Partner, Steptoe & Johnson LLP.

    The Framework is intended to help software development organizations:

    1. Describe the current state of software security in individual software products;
    2. Describe the target state of the software security in individual software products;
    3. Identify and prioritize opportunities for improvement in development and lifecycle management processes;
    4. Assess progress toward the target state; and
    5. Communicate among internal and external stakeholders about software security and security risks.

    The Framework is intended to be relevant to all types of software, from installed programs to Software-as-a-Service, as well as all types of development processes, from waterfall to DevOps. As innovations continue to drive rapid evolution of software practices, the Framework is intended to remain a living document, to be updated and improved based on ongoing feedback and technical developments.

    Explore the full BSA Framework for Secure Software here.

    Read the complete release at BSA Releases First-of-Its-Kind Framework for Secure Software

    Additional Reading

    Source: ComplexDiscovery

     

    Have a Request?

    If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

    ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

    ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.

    Leaning Forward? The CISA 2023-2025 Strategic Plan

    The purpose of the CISA Strategic Plan is to communicate the...

    Continuous Risk Improvement? Q3 Cyber Round-Up From Cowbell Cyber

    According to Manu Singh, director of risk engineering at Cowbell, "Every...

    A Comprehensive Cyber Discovery Resource? The DoD Cybersecurity Policy Chart from CSIAC

    The Cyber Security and Information Systems Information Analysis Center (CSIAC) is...

    Rapidly Evolving Cyber Insurance? Q2 Cyber Round-Up From Cowbell Cyber

    According to Isabelle Dumont, SVP of Marketing and Technology Partners at...

    Revealing Response? Nuix Responds to ASX Request for Information

    The following investor news update from Nuix shares a written response...

    Revealing Reports? Nuix Notes Press Speculation

    According to a September 9, 2022 market release from Nuix, the...

    Regards to Broadway? HaystackID® Acquires Business Intelligence Associates

    According to HaystackID CEO Hal Brooks, “BIA is a leader in...

    One Large Software and Cloud Business? OpenText to Acquire Micro Focus

    According to OpenText CEO & CTO Mark J. Barrenechea, “We are...

    On the Move? 2022 eDiscovery Market Kinetics: Five Areas of Interest

    Recently ComplexDiscovery was provided an opportunity to share with the eDiscovery...

    Trusting the Process? 2021 eDiscovery Processing Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    The Year in Review? 2021 eDiscovery Review Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    A 2021 Look at eDiscovery Collection: Task, Spend, and Cost Data Points

    Based on the complexity of cybersecurity, information governance, and legal discovery,...

    Five Great Reads on Cyber, Data, and Legal Discovery for September 2022

    From privacy legislation and special masters to acquisitions and investigations, the...

    Five Great Reads on Cyber, Data, and Legal Discovery for August 2022

    From AI and Big Data challenges to intriguing financial and investment...

    Five Great Reads on Cyber, Data, and Legal Discovery for July 2022

    From lurking business undercurrents to captivating deepfake developments, the July 2022...

    Five Great Reads on Cyber, Data, and Legal Discovery for June 2022

    From eDiscovery ecosystem players and pricing to data breach investigations and...

    Cooler Temperatures? Fall 2022 eDiscovery Business Confidence Survey Results

    Since January 2016, 2,874 individual responses to twenty-eight quarterly eDiscovery Business...

    Inflection or Deflection? An Aggregate Overview of Eight Semi-Annual eDiscovery Pricing Surveys

    Initiated in the winter of 2019 and conducted eight times with...

    Changing Currents? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2022

    In the summer of 2022, 54.8% of survey respondents felt that...

    Challenging Variants? Issues Impacting eDiscovery Business Performance: A Summer 2022 Overview

    In the summer of 2022, 28.8% of respondents viewed increasing types...

    Nuclear Options? Ukraine Conflict Assessments in Maps (September 17 – 21, 2022)

    According to a recent update from the Institute for the Study...

    Mass Graves and Torture Chambers? Ukraine Conflict Assessments in Maps (September 12 – 16, 2022)

    According to a recent update from the Institute for the Study...

    On The Run? Ukraine Conflict Assessments in Maps (September 7 – 11, 2022)

    According to a recent update from the Institute for the Study...

    Tangible Degradation? Ukraine Conflict Assessments in Maps (September 2 – 6, 2022)

    According to a recent update from the Institute for the Study...