CISA to Issue Secure-by-Design Software Development Rules
The Cybersecurity and Infrastructure Security Agency will soon publish a set of guidelines for secure-by-design, a software development model defined by adding built-in safeguards and following best coding practices. The initiative is in keeping with the White House’s national cybersecurity strategy, a core tenet of which is to shift the responsibility for protecting systems away from individuals and small businesses.
CISA Director Jen Easterly, a 2023 Wash100 winner, explained at the CrowdStrike Government Summit on Tuesday that the principles will not be all-encompassing but will represent significant progress toward holding software vendors accountable for vulnerabilities.
Easterly reiterated past comments that such companies should take responsibility for their customers’ security, maintain transparency and pursue a safety-first design approach, CyberScoop reported. In a speech during a Carnegie Mellon University event in February, she said a lack of built-in cybersecurity measures in software has helped leave consumer and organizational systems vulnerable to attacks.
According to Easterly, every technology product, especially those that support critical infrastructure, needs to have strong security.