BSA seeks details on alignment of CISA bad practices guide with other software security efforts

The Cybersecurity and Infrastructure Security Agency should take steps to align its product security bad practices guidance with other federal software policy initiatives including the self-attestation form and National Institute of Standards and Technology guidance, according to BSA-The Software Alliance.

“The document includes resources, but it remains unclear how the authoring organizations understand the practices in the document within the context of the National Institute of Standards and Technology (NIST) Secure Software Development Framework, or the Secure Software Attestation Form,”...