As hackers get smarter, software security professionals must enhance their methods to stay one step ahead. Fortunately, they don't have to work alone. The National Cyber Security Partnership released a report that recommends four key steps in improving security across the software-development lifecycle. The first is to improve the education of current and future software developers. This includes the creation of a new initiative to make security a core component of software-development programs at the university level, as well as a software security certification accreditation program. The second is to develop best practices for putting security at the heart of the software design process. Third, the industry needs to adopt a set of guiding principles for patch management to ensure that patches are well tested, small, localized, reversible, and easy to install. Finally, the industry should adopt an incentive framework that policymakers, developers, companies, and others can use to develop effective strategies and incentives to tighten software security.
A task force of security technology experts, academics, and business and government officials prepared the report. The NCSP includes representatives from the Business Software Alliance, the Information Technology Association of America, TechNet, and the U.S. Chamber of Commerce. The report responds to the White House National Strategy to Secure Cyberspace and the National Cyber Security Summit. See details at www.cyberpartnership.org.