APR 29, 2019 | GLOBAL
BSA Releases First-of-Its-Kind Framework for Secure Software
A flexible and holistic approach to guide and assess software security
WASHINGTON – April 30, 2019 – As malicious actors increasingly target vulnerabilities in software to attack critical networks and systems, software security has emerged as an urgent priority. Software developers, their customers, and policymakers need tools to describe, assess, and encourage security across the entire software lifecycle, from its development to the end of its life. While some standards and guidelines exist, there is no holistic framework that articulates best practices in a way that can be specifically described and effectively measured across diverse development environments, software types, and coding languages — until now.
BSA | The Software Alliance today announces the release of the BSA Framework for Secure Software to fill one of the most significant gaps in cybersecurity policy. The Framework tackles complex security challenges through an adaptable and outcome-focused approach that is risk-based, cost-effective, and repeatable. The Framework describes baseline security outcomes across the software development process, the software lifecycle management process, and the security capabilities of the software itself.
“BSA’s Framework is the first to offer a holistic approach to software security for software companies, their customers, and policymakers,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “To effectively secure the digital ecosystem, we need a way to evaluate software security that is meaningful enough to protect software against malicious exploitation and flexible enough to consider all of software’s nuanced types and characteristics. Otherwise we risk disrupting innovation or failing to keep pace with rising cybersecurity threats.”
“From botnets commandeering IoT devices to sophisticated nation-state cyberattacks, software vulnerabilities are often the key entry point for hackers. Software security has long been a critical gap in securing the Internet ecosystem, and the BSA software security framework represents an important contribution. It gives developers and policymakers alike a tool to guide software assurance activities and strengthen cybersecurity throughout our increasingly software-centric economy,” said Senator Mark Warner (D-VA), Co-Chair and Founder of the Senate Cybersecurity Caucus.
““Secure software is essential to further developing AI, conquering 5G and building Internet of Things devices that will improve and enhance nearly every aspect of our society, economy and our day-to-day lives. The BSA Framework for Secure Software is an important step that will help ensure we are building our bright future with security in mind, not as an afterthought,” said Congressman Will Hurd (R-TX-23).
“BSA is to be commended for creating a Software Security Framework that integrates technical, policy, management, and risk considerations in a form that will be useful to development organizations across a wide range of sizes and technologies. SAFECode and its members are happy to have worked with BSA during the development of the Framework and we’re very pleased with the end result. We strongly encourage organizations to consider adoption of the Framework,” said Steve Lipner, Executive Director of SAFECode.
“During my time as Illinois Attorney General, I regularly saw what happens when hackers exploit software vulnerabilities. For consumers, it means breaches that enable the theft of their financial data, health data, and sensitive, personal data. In the aftermath, consumers too often face the long-lasting damage of identity theft. Government and industry must do more to limit software vulnerabilities by proactively working to address cybersecurity challenges. The BSA Software Security Framework represents a needed step forward and is the type of response we should be seeing from the software industry,” said Lisa Madigan, Attorney General of Illinois, 2003-2019.
“BSA deserves a lot of credit for its hard work on software security best practices. The Framework is a major contribution and should spur a serious dialogue on best practices with government and other parts of the industry,” said Stewart Baker, Partner, Steptoe & Johnson LLP.
The Framework is intended to help software development organizations:
- Describe the current state of software security in individual software products;
- Describe the target state of the software security in individual software products;
- Identify and prioritize opportunities for improvement in development and lifecycle management processes;
- Assess progress toward the target state; and
- Communicate among internal and external stakeholders about software security and security risks.
The Framework is intended to be relevant to all types of software, from installed programs to Software-as-a-Service, as well as all types of development processes, from waterfall to DevOps. As innovations continue to drive rapid evolution of software practices, the Framework is intended to remain a living document, to be updated and improved based on ongoing feedback and technical developments.
Explore the full BSA Framework for Secure Software here.
소프트웨어 연합(BSA | The Software Alliance, 이하 BSA)(www.bsa.org)은 각국 정부를 대상으로 세계 시장에서 전 세계 소프트웨어 업계를 대변하고 옹호하는 선도적 연합체입니다. 세계의 가장 혁신적 기업들이 회원사로 참여하며 경제에 활기를 불어 넣고 현대의 생활을 향상시키는 소프트웨어 솔루션을 만들어 내고 있습니다.
워싱턴 DC에 본부를 두고, 30개국이 넘는 국가들에서 운영되는 BSA는, 합법적 소프트웨어 사용을 증진시키고 기술 혁신을 촉진하며 디지털 경제의 성장을 추진하는 공공 정책을 지지하는 준법 프로그램들을 선도합니다.