
NIST Asks for Input on Building Secure Software

On Tuesday, NIST released a draft set of guidelines that technologists should follow to ensure security is baked into every step of the software development lifecycle. The document divides the secure development process into four different categories—preparing the organization, protecting the software, producing well-secured software and responding to vulnerability reports—and offers specific instructions to help ensure each of the goals is met. “Following these practices should help software producers reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences,” NIST wrote in the framework. “Software consumers can reuse and adapt the practices in their software acquisition processes.” The framework provides a wide array of management, planning and security policies meant to safeguard different steps of the development process, as well as best practices for preventing developers from unknowingly building weaknesses into their code.
