Loading...
Skip to main content

像很多网站一样,BSA的网站使用cookies来确保网站的高效运作,为我们的用户提供最佳的体验。 您可以在我们的Cookies声明中了解我们使用Cookies的更多信息,以及如何更改浏览器的Cookies设置。 继续使用本网站但不更改您的Cookies设置,即表示您同意我们使用Cookies。

X

Updated: BSA Framework for Secure Software

Cybersecurity
Global

Innovative software technologies are driving the creation of a new, connected digital economy and can yield tremendous economic and social benefits. Because these technologies also have the potential to create economic, legal, and even physical risk, software development organizations, their customers, and policymakers are increasingly seeking ways of assessing and encouraging security across the software lifecycle. While standards and guidelines exist to aid and inform developers in achieving these goals, there is no consolidated framework that brings together best practices in a detailed, holistic manner that can guide software security regardless of the development environment or the purpose of the software.

BSA | The Software Alliance has developed The BSA Framework for Secure Software to fill that gap. The Framework offers an outcome-focused, standards-based risk management tool to help stakeholders in the software industry – developers, vendors, customers, policymakers, and others – communicate and evaluate security outcomes associated with specific software products and services. Notably, Version 1.1 of the Framework fully maps to the U.S. National Institute for Standards and Technology (NIST) “Secure Software Development Framework,” providing organizations a convenient tool to demonstrate their alignment with this NIST guidance.

Specifically, the Framework is intended to be used to:

  1. help software development organizations describe the current state and target state of software security in individual software security products and services.
  2. help software development organizations identify opportunities for improvement in development and lifecycle management processes, and assess progress toward target states.
  3. help software developers, vendors, and customers communicate internally and externally about software security; and
  4. help software customers evaluable and compare the security of individual software products and services.
下载 PDF
cover thumb upload 2