CISA and partners offer security principles for software to guide development, design practices

The Cybersecurity and Infrastructure Security Agency has issued a set of principles designed to help software manufacturers and consumers build and utilize products that are secure-by-design and -default.

“Now more than ever, it is crucial for technology manufacturers to make Secure-by-Design and Secure-by-Default the focal points of product design and development processes. Some vendors have made great strides driving the industry forward in software assurance, while others lag behind,” CISA says in a 15-page publication offering specific steps organizations...