Loading...
Skip to main content

Comme de nombreux sites Web, des cookies sont utilisés pour assurer le bon fonctionnement des Sites Web de BSA et offrir à leurs utilisateurs la meilleure expérience possible. Vous pouvez en apprendre davantage sur la façon dont nous utilisons les cookies et sur les options qui s’offrent à vous pour modifier l’utilisation des cookies par votre navigateur dans notre section d’information sur les cookies. Le fait d’utiliser ce site Web sans modifier vos paramètres de gestion des cookies signifie que vous acceptez nos conditions d’utilisation des cookies.

X

Updated: BSA Framework for Secure Software

Cybersecurity
Global

Innovative software technologies are driving the creation of a new, connected digital economy and can yield tremendous economic and social benefits. Because these technologies also have the potential to create economic, legal, and even physical risk, software development organizations, their customers, and policymakers are increasingly seeking ways of assessing and encouraging security across the software lifecycle. While standards and guidelines exist to aid and inform developers in achieving these goals, there is no consolidated framework that brings together best practices in a detailed, holistic manner that can guide software security regardless of the development environment or the purpose of the software.

BSA | The Software Alliance has developed The BSA Framework for Secure Software to fill that gap. The Framework offers an outcome-focused, standards-based risk management tool to help stakeholders in the software industry – developers, vendors, customers, policymakers, and others – communicate and evaluate security outcomes associated with specific software products and services. Notably, Version 1.1 of the Framework fully maps to the U.S. National Institute for Standards and Technology (NIST) “Secure Software Development Framework,” providing organizations a convenient tool to demonstrate their alignment with this NIST guidance.

Specifically, the Framework is intended to be used to:

  1. help software development organizations describe the current state and target state of software security in individual software security products and services.
  2. help software development organizations identify opportunities for improvement in development and lifecycle management processes, and assess progress toward target states.
  3. help software developers, vendors, and customers communicate internally and externally about software security; and
  4. help software customers evaluable and compare the security of individual software products and services.
BSA Framework for Secure Software
Télécharger le fichier PDF