SEP 22, 2020 | GLOBAL
BSA Updates Framework for Secure Software to Better Address Cyber Threats
Improved framework offers timely guidance on securing global supply chain
WASHINGTON – September 22, 2020 – Software innovations are transforming the way we live and work. But insecure software carries the potential for unprecedented economic, legal, and physical risk. In fact, recent news from the FBI shows an increase in the number of complaints about cyberattacks, up to as many as 4,000 a day, or a 400% increase from pre-coronavirus levels. As the role of technology in every sector expands and emerging technologies like 5G become more widespread, software developers and governments face the challenge of how to secure software components in vast, complex supply chains. Stakeholders need clear and flexible guidance to secure the rapidly growing digital ecosystem.
BSA | The Software Alliance today released a new version of a key tool for improving the software supply chain, the BSA Framework for Secure Software. This updated framework includes crucial changes to strengthen criteria for securing software supply chains and better align with relevant guidance. Specifically, the new framework is fully mapped to the National Institute for Standards and Technology (NIST)’s Secure Software Development Framework (SSDF), providing software developers an accessible tool to implement the SSDF. Moreover, it incorporates more robust guidance on securing development environments to prevent supply chain attacks.
“As cyber threats grow, the software industry and policymakers must come together to protect the global software supply chain from malicious cyberattacks. This issue has never been more relevant – the Internet of Things is expected to grow to more than 200 billion devices by 2023, and these newly connected devices will pose a major security risk,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “BSA member companies are on the cutting edge of pioneering security-by-design principles that lead to stronger, more secure software products. The updated BSA Framework for Secure Software will help drive the adoption of those best practices across the entire industry. I look forward to BSA’s continued collaboration with software companies and policymakers as we work to build the trusted technologies of the future.”
Specifically, the Framework is intended to be used to help:
- Software development organizations describe the current state and target state of software security in individual software security products and services;
- Software development organizations identify opportunities for improvement in development and lifecycle management processes, and assess progress toward target states;
- Software developers, vendors, and customers communicate internally and externally about software security; and
- Software customers evaluate and compare the security of individual software products and services.
The Framework is intended to guide development lifecycles for all types of software, from installed programs to Software-as-a-Service, as well as all types of development processes, from waterfall to DevOps. The Framework is a living document and will continue to be updated and improved based on ongoing feedback and technical developments.
Find BSA’s updated Secure Software Development Framework here.
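BSA | The Software Alliance (www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world's most innovative companies, creating software solutions that stimulate the economy and improve the quality of modern life.
With headquarters in Washington, DC, and operations in more than 30 countries, BSA pioneers compliance programs that promote the use of legal software and advocates for public policies that foster technology innovation and drive growth in the digital economy.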