Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on federal policies to protect cyberspace.
NIST offers recommendation for securing software from development through lifecycle
A draft “white paper” from the National Institute of Standards and Technology recommends the use of a “secure software development framework” throughout the lifecycle of an operating system or program, a proposal that will likely come up in various software policy discussions by government and industry.
“Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure the software being developed is...