CISA officials identify areas for future research, stakeholder engagement to boost secure software practices

The Cybersecurity and Infrastructure Security Agency wants to work with stakeholders across the software development ecosystem to boost implementation of secure design practices developed for software manufacturers and consumers, according to agency officials.

CISA needs to conduct research with all of the stakeholder communities that “play a role” in ensuring the quality of software, including software manufacturers, customers, venture capitalists, incident response firms and education systems, CISA senior technical advisor Bob Lord said on a Dec. 22 Lawfare podcast....