Thu. Mar 28th, 2024

Press Announcement

BSA Releases First-of-Its-Kind Framework for Secure Software

A flexible and holistic approach to guide and assess software security

As malicious actors increasingly target vulnerabilities in software to attack critical networks and systems, software security has emerged as an urgent priority. Software developers, their customers, and policymakers need tools to describe, assess, and encourage security across the entire software lifecycle, from its development to the end of its life. While some standards and guidelines exist, there is no holistic framework that articulates best practices in a way that can be specifically described and effectively measured across diverse development environments, software types, and coding languages — until now.

BSA | The Software Alliance today [April 30, 2019] announces the release of the BSA Framework for Secure Software to fill one of the most significant gaps in cybersecurity policy. The Framework tackles complex security challenges through an adaptable and outcome-focused approach that is risk-based, cost-effective, and repeatable. The Framework describes baseline security outcomes across the software development process, the software lifecycle management process, and the security capabilities of the software itself.

“BSA’s Framework is the first to offer a holistic approach to software security for software companies, their customers, and policymakers,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “To effectively secure the digital ecosystem, we need a way to evaluate software security that is meaningful enough to protect software against malicious exploitation and flexible enough to consider all of software’s nuanced types and characteristics. Otherwise we risk disrupting innovation or failing to keep pace with rising cybersecurity threats.”

“From botnets commandeering IoT devices to sophisticated nation-state cyberattacks, software vulnerabilities are often the key entry point for hackers. Software security has long been a critical gap in securing the Internet ecosystem, and the BSA software security framework represents an important contribution. It gives developers and policymakers alike a tool to guide software assurance activities and strengthen cybersecurity throughout our increasingly software-centric economy,” said Senator Mark Warner (D-VA), Co-Chair and Founder of the Senate Cybersecurity Caucus.

““Secure software is essential to further developing AI, conquering 5G and building Internet of Things devices that will improve and enhance nearly every aspect of our society, economy and our day-to-day lives. The BSA Framework for Secure Software is an important step that will help ensure we are building our bright future with security in mind, not as an afterthought,” said Congressman Will Hurd (R-TX-23).

“BSA is to be commended for creating a Software Security Framework that integrates technical, policy, management, and risk considerations in a form that will be useful to development organizations across a wide range of sizes and technologies. SAFECode and its members are happy to have worked with BSA during the development of the Framework and we’re very pleased with the end result. We strongly encourage organizations to consider adoption of the Framework,” said Steve Lipner, Executive Director of SAFECode.

“During my time as Illinois Attorney General, I regularly saw what happens when hackers exploit software vulnerabilities. For consumers, it means breaches that enable the theft of their financial data, health data, and sensitive, personal data. In the aftermath, consumers too often face the long-lasting damage of identity theft. Government and industry must do more to limit software vulnerabilities by proactively working to address cybersecurity challenges. The BSA Software Security Framework represents a needed step forward and is the type of response we should be seeing from the software industry,” said Lisa Madigan, Attorney General of Illinois, 2003-2019.

“BSA deserves a lot of credit for its hard work on software security best practices. The Framework is a major contribution and should spur a serious dialogue on best practices with government and other parts of the industry,” said Stewart Baker, Partner, Steptoe & Johnson LLP.

The Framework is intended to help software development organizations:

  1. Describe the current state of software security in individual software products;
  2. Describe the target state of the software security in individual software products;
  3. Identify and prioritize opportunities for improvement in development and lifecycle management processes;
  4. Assess progress toward the target state; and
  5. Communicate among internal and external stakeholders about software security and security risks.

The Framework is intended to be relevant to all types of software, from installed programs to Software-as-a-Service, as well as all types of development processes, from waterfall to DevOps. As innovations continue to drive rapid evolution of software practices, the Framework is intended to remain a living document, to be updated and improved based on ongoing feedback and technical developments.

Explore the full BSA Framework for Secure Software here.

Read the complete release at BSA Releases First-of-Its-Kind Framework for Secure Software

Additional Reading

Source: ComplexDiscovery

 

Generative Artificial Intelligence and Large Language Model Use

ComplexDiscovery OÜ recognizes the value of GAI and LLM tools in streamlining content creation processes and enhancing the overall quality of its research, writing, and editing efforts. To this end, ComplexDiscovery OÜ regularly employs GAI tools, including ChatGPT, Claude, Midjourney, and DALL-E, to assist, augment, and accelerate the development and publication of both new and revised content in posts and pages published (initiated in late 2022).

ComplexDiscovery also provides a ChatGPT-powered AI article assistant for its users. This feature leverages LLM capabilities to generate relevant and valuable insights related to specific page and post content published on ComplexDiscovery.com. By offering this AI-driven service, ComplexDiscovery OÜ aims to create a more interactive and engaging experience for its users, while highlighting the importance of responsible and ethical use of GAI and LLM technologies.

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know, and we will make our response to you a priority.

ComplexDiscovery OÜ is a highly recognized digital publication focused on providing detailed insights into the fields of cybersecurity, information governance, and eDiscovery. Based in Estonia, a hub for digital innovation, ComplexDiscovery OÜ upholds rigorous standards in journalistic integrity, delivering nuanced analyses of global trends, technology advancements, and the eDiscovery sector. The publication expertly connects intricate legal technology issues with the broader narrative of international business and current events, offering its readership invaluable insights for informed decision-making.

For the latest in law, technology, and business, visit ComplexDiscovery.com.