The Cybersecurity and Infrastructure Security Agency is seeking information from entities from the software industry regarding its Secure by Design principle campaign.
The agency on Wednesday released its white paper on the implementation of secure-by-design and secure-by-default principles into the software development life cycle.
The document is a proposed approach to weave better security into the life cycle, holding manufacturers and developers accountable instead of the customers.
CISA is interested in other perspectives on how the government can help companies invest in programs for eliminating recurring vulnerabilities. It also wants to learn more about the cost of adopting secure-by-design versus the cost of cyber incident response.
“While we have already received a wide range of feedback on our secure by design campaign, we need to incorporate the broadest possible range of perspectives,” said CISA Director Jen Easterly. “The President’s National Cybersecurity Strategy calls for a fundamental shift in responsibility for security from the customer to software manufacturers, and input from this RFI will help us define our path ahead, including updates to our joint seal Secure by Design whitepaper,” added Easterly, a Wash100 winner.
Responses to the request for information are due by Feb. 20.
