Security by Design

Keeping software secure has been a big topic for a long time. Microsoft came up with a plan called SD3+C in 2004, which is now called the Security Development Lifecycle. The Department of Homeland Security and Carnegie Mellon Software Engineering Institute also created a website to help software developers and security people make software that is safe and works well.

The new White House rule about improving the country’s cybersecurity says that businesses that sell software need to ensure it’s secure; otherwise, the government won’t purchase their products. These companies must also provide a detailed list, called a Software Bill of Materials (SBOM), which describes all the parts that make up their software. They also need to complete a form confirming how their software was created. This new rule will push businesses that sell to both the government and the public to up their game when it comes to cybersecurity.