A software security framework document issued this week by trade group BSA | The Software Alliance drew the endorsement of key House and Senate lawmakers involved in cybersecurity issues.
The framework, BSA said, “describes baseline security outcomes across the software development process, the software lifecycle management process, and the security capabilities of the software itself,” and “tackles complex security challenges through an adaptable and outcome-focused approach that is risk-based, cost-effective, and repeatable.”
Such a framework is needed, the group said, because “there is no holistic framework that articulates best practices in a way that can be specifically described and effectively measured across diverse development environments, software types, and coding languages.”
“Software security has long been a critical gap in securing the Internet ecosystem, and the BSA software security framework represents an important contribution,” said Sen. Mark Warner, D-Va., ranking member of the Senate Homeland Security and Governmental Affairs Committee. “It gives developers and policymakers alike a tool to guide software assurance activities and strengthen cybersecurity throughout our increasingly software-centric economy.”
“The BSA Framework for Secure Software is an important step that will help ensure we are building our bright future with security in mind, not as an afterthought,” said Rep. Will Hurd, R-Texas. “Secure software is essential to further developing AI, conquering 5G and building Internet of Things devices that will improve and enhance nearly every aspect of our society, economy and our day-to-day lives.”