Secure-by-Design
CISA and 17 U.S. and international partners published an update to the joint Secure by Design product, “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software,” that includes expanded principles, guidance, and eight new international agency co-sealers.
Initially published in April 2023, this joint guidance urges software manufacturers to take urgent steps necessary to ship products that are secure by design and revamp their design and development programs to permit only secure by design products to be shipped to customers.
This updated guidance includes feedback received from hundreds of individuals, companies, and non-profits. It expands on the three principles which are: Take Ownership of Customer Security Outcomes, Embrace Radical Transparency and Accountability, and Lead From the Top. This update highlights how software manufacturers can demonstrate these principles to their customers and the public. Software manufacturers must be able to compete on the basis of security. This joint guidance equips software manufacturers with the tools to demonstrate their commitment to secure by design, and gives customers the means to evaluate their progress, thus creating a demand signal for secure by design.
In addition to the ten U.S. and international partners in the initial publication, the updated guide is published in partnership with Czech Republic, Israel, Singapore, Korea, Norway, OAS/CICTE CSIRTAmericas Network, and Japan (JPCERT/CC and NISC) as a roadmap for technology manufacturers to ensure security of their products.