Increasing Software Cyber Resilience
Software is the lifeblood of the digital economy. But alongside the benefits it provides, it introduces risks that need to be managed across our software supply chains, to ensure our systems remain resilient against cyber attacks.
Now, the British government has formulated a voluntary Code of Practice for Software Vendors in a systemic intervention, designed to ensure that security is 'baked into' software, rather than a costed extra.
The Code is aimed at software vendors, setting out the minimum range of actions that should be in place to ensure their products and services are resilient to a cyber attack from a commodity threat.
It will begin as a voluntary code, but further policy interventions to support its uptake and impact are currently being explored. The Code of Practice for Software Vendors is made up of 21 provisions across 4 principles:
- Secure design and development ensures that the product or service is appropriately secure when provided.
- Build environment security ensures that the appropriate steps are taken to minimise the risk of build environments becoming compromised, and to protect the integrity and quality of the software.
- Secure deployment and maintenance ensures that the product or service remains secure throughout its lifetime, to minimise the likelihood and impact of vulnerabilities.
- Communication with customers ensures that vendor organisations provide sufficient information to customers to enable effective risk and incident management.
Improving the security of software at scale will significantly contribute to the cyber resilience of our supply chains in the UK. The Code is intended to establish the right foundations on which compliance and assurance regimes can be built.
Image: Jacob Wackerhausen