Summary: Yesterday, CISA published a blog post reemphasizing their efforts to close the software understanding gap. This comes out of a national effort to enhance the ability to construct and analyze software to understand its functionality, safety, and security before organizations place it into use, both as producers and consumers of software.
Analyst Note: Similar to CISA’s Secure by Demand guidance, closing the software understanding gap is not only intended for software manufacturers, but for all organizations who use and facilitate the demand for secure software. Organizations play an important role in driving a secure technology ecosystem. Identifying and buying the products that are the most secure will not only make your utility less of a target, but will also encourage manufacturers to create secure products.
Original Source: https://www.cisa.gov/news-events/news/tackling-national-gap-software-understanding
Additional Reading:
- Closing the Software Understanding Gap
- Secure by Design – CISA and FBI Release Updated Guidance on Product Security Bad Practices
- CISA Alert – CISA Releases Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem
Related WaterISAC PIRs: 6, 11
