Increasing Software Cyber Resilience

Uploaded on 2024-06-03 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Software is the lifeblood of the digital economy. But alongside the benefits it provides, it introduces risks that need to be managed across our software supply chains, to ensure our systems remain resilient against cyber attacks.

Now, the British government has formulated a voluntary Code of Practice for Software Vendors in a systemic intervention, designed to ensure that security is ‘baked into' software, rather than a costed extra. 

The Code is aimed at software vendors, setting out the minimum  range of actions that should be in place to ensure their products and services are resilient to a cyber attack from a commodity threat.  

It will begin as voluntary code, but further policy interventions to support its uptake and impact are currently being explored. The Code of Practice for Software Vendors is made up of 21 provisions over 4 principles: 

  • Secure design and development ensures that the product or service is appropriately secure when provided.  
  • Build environment security ensures that the appropriate steps are taken to minimise the risk of build environments becoming compromised, and to protect the integrity and quality of the software. 
  • Secure deployment and maintenance ensures that the product or service remains secure throughout its lifetime, to minimise the likelihood and impact of vulnerabilities. 
  • Communication with customers ensures that vendor organisations provide sufficient information to customers to enable effective risk and incident management. 

Improving the security of software at scale will significantly contribute to the cyber resilience of our supply chains in the UK.  The Code is intended to establish the right foundations on which compliance and assurance regimes can be built upon.  For more Information please click > HERE

Image: Jacob Wackerhausen

You Might Also Read: 

The Importance Of Formal Verification Networks For Secure Software:

DIRECTORY OF SUPPLIERS - Software & Application Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Germany’s Christian Democratic Party Attacked
Identities Are The Highest Priority Risk Area »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ABB

ABB

ABB is a pioneering technology leader in industrial digitalization. Services include cyber security for industrial control systems IoT.

Cybonet

Cybonet

Cybonet provides easy to deploy, flexible and scalable security solutions that empower organizations of all sizes to actively safeguard their networks in the face of today’s evolving threats.

Silicon:SAFE

Silicon:SAFE

Silicon:SAFE develops impenetrable hardware solutions that prevent bulk data theft during a cyber-attack.

Trustlook

Trustlook

Trustlook's SECUREai engine delivers the performance and scalability needed to provide total threat protection against malware and other forms of attack.

Fingerprint Cards

Fingerprint Cards

Fingerprint Cards develops and produces biometric components and technologies that verify a person’s identity through the analysis and matching of an individual’s unique fingerprint.

Culinda

Culinda

Culinda secures medical IoT devices in hospitals with An Artificial Intelligence platform and security gateway.

MedCrypt

MedCrypt

MedCrypt are a team of medical device experts focused on bringing modern cybersecurity features to the next generation of healthcare technology.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

ComoNExT Innovation Hub

ComoNExT Innovation Hub

ComoNExT is a Digital Innovation Hub and a startup incubator with a focus on the issues of digital transformation and Industry 4.0.

CYBRScore

CYBRScore

CYBRScore is a premium, performance-based cyber skills training and assessment provider that quantifies a user’s ability to defend a network.

VISTA InfoSec

VISTA InfoSec

VISTA InfoSec is a global Information Security Consulting firm with offices based in US, UK, Singapore and India.

DeNexus

DeNexus

DeNexus is the leading provider of cyber risk modeling for industrial networks. Our Mission is to build the Global Standard for Industrial Cyber Risk Quantification.

Delinea

Delinea

Delinea is a leading provider of cloud-ready privileged access management (PAM) solutions that empower cybersecurity for the modern, hybrid enterprise.

Celera Networks

Celera Networks

Celera Networks is a managed services provider specializing in cybersecurity, cloud and managed IT services.

OxCyber

OxCyber

OxCyber's mission is to ignite and encourage cybersecurity and technology growth in the Thames Valley through meetings, webinars, in person events, workshops and mentorship programs.

Cyber Advisors

Cyber Advisors

Cyber Advisors offers customizable cyber security solutions and IT services for businesses of all sizes across the nation from experts you can trust.