NIST white paper offers process for addressing vulnerabilities throughout software development process

A new white paper from the National Institute of Standards and Technology offers a framework for software producers to use in building security into their development processes, and on the other end of the equation, for “software consumers” to use in their acquisition processes.

The paper, “Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework,” was written by veteran NIST cybersecurity leader Donna Dodson, Murugiah Souppaya of the Computer Security Division at NIST’s Information Technology...