Hi All,
Secure by design products are those in which software manufacturers (the companies that create, ship, and maintain software) make security a core consideration from the earliest stages of the product development lifecycle. Ensuring that the products they use and procure are secure by design is essential for organizations to be resilient against ransomware and other forms of malicious cyber activity. Software manufacturers strive to deliver the features customers request, so it is crucial that customers explicitly demand security as part of the procurement process.
In this guidance, we lay out questions and resources that organizations buying software can use to better understand a software manufacturer's approach to cybersecurity and ensure that the manufacturer makes secure by design a core consideration. This guidance is a counterpart to CISA's Secure by Design guidance for technology manufacturers, which lays out three secure by design principles:
(1) Take ownership of customer security outcomes,
(2) Embrace radical transparency and accountability, and
(3) Build organizational structure and leadership to achieve these goals.
------------------------------
Michael Roza CPA, CISA, CIA, CC, CCSKv5, CCZTv1, MBA, Exec MBA,
------------------------------