Intelligence Agencies, International Allies Produce Secure-by-Design Guidelines
Intelligence community organizations and cybersecurity agencies from allied countries have developed a set of rules for software developers to ensure that they apply secure-by-design and -default principles. Included in the document are core principles and technical recommendations to aid companies in factoring safety into their product design, configuration and delivery processes.
One idea put forward by the guidelines is that customers should not be liable for security outcomes that result from using software; instead, the burden for ensuring safety should fall on the manufacturers. The document supports a key pillar of the White House’s national cybersecurity strategy, which is aimed at promoting secure development by holding large companies accountable for faults in their products.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, explained in a CISA press release issued Thursday that building tech resiliency will depend on software makers taking security into account as early as possible in the development process. Easterly, a 2023 Wash100 awardee, said that the principles espoused in the document are meant to kickstart a worldwide shift in how such products are designed.