The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA), together with partner agencies from Australia, Canada, the United Kingdom, Germany, the Netherlands, and New Zealand, recently issued joint guidance urging software manufacturers to ship products that are secure-by-design and secure-by-default, that is, secure “out of the box.” The report, titled “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default,” encourages manufacturers to build security into their products from the start so that customers are not left to depend on constant monitoring, patching, and damage control to stay safe.
Not only is this good practice, it is also an effective way to eliminate bugs and vulnerabilities before a product ships rather than after customers have deployed it. It does require time and resources, which can be a difficult trade-off for organizations working within a fixed budget.
The European Union has also put forward the Cyber Resilience Act, a regulation that lays out a cybersecurity framework for manufacturers of hardware and software products with digital elements, with the aim of improving the security of those products. It is part of the same industry shift that moves the burden of security away from customers and toward the manufacturers.
Ray Kelly, a Fellow at the Synopsys Software Integrity Group, stated that “Building security into the design process is not only good practice, it’s also very effective in mitigating flaws in software before they reach the consumer. The challenge, however, is for organizations to adopt these practices without affecting the business, as this process takes time and requires resources that can impact the bottom line.”
The Synopsys Software Integrity Group describes itself as the world’s leading provider of Software Composition Analysis (SCA) products and positions its offerings as the most comprehensive SCA solution on the market. Its tools help organizations build secure, high-quality software through risk analysis of both the code they write and the open source components they depend on. Ray Kelly brings extensive expertise in software development and security engineering to the group and is a leading voice in the industry on software security and reliability.
Synopsys Software Integrity Group is also hosting an event, the AI Investment Summit, in San Francisco on July 11th and 12th. It is a platform for senior executives to discuss how to optimize and integrate AI investments for success.
In conclusion, the new guidance aims to push software manufacturers to ship products that are secure “out of the box.” Both the Cyber Resilience Act and the CISA-led guidance signal a shift away from customers shouldering responsibility for product security and toward active ownership of that responsibility by software vendors. The Synopsys Software Integrity Group, with its expertise and offerings in software security and reliability, and its upcoming AI Investment Summit, offers leaders a venue to discuss how to maximize their AI investments.