Tech group urges CISA to focus on operationalizing software guidance instead of identifying ‘bad practices’

The Information Technology Industry Council wants the Cybersecurity and Infrastructure Security Agency to provide tailored guidance on secure by design principles that focus on software development processes, in response to a bad practices guide on common product defects.

“Instead of introducing a set of ‘bad practices’ and affiliated guidance, which misses much of the nuance that is required to appropriately identify and mitigate cybersecurity risks, we encourage additional focus on helping organizations to operationalize and implement secure-by-design practices as a...