At the quarterly meeting of the National Institute of Standards and Technology’s (NIST) Information Security and Privacy Advisory Board, researchers said that NIST was working on a new effort to emphasize secure software development in its Cybersecurity Framework.
The secure software development guidelines will group their recommendations to organizations into four categories:
- Prepare organizations to consider security integrations from the start of a project;
- Protect software from flaws;
- Prevent including vulnerabilities in code; and
- Respond to vulnerabilities that are reported from outside the organization.
“If you’re writing code, you ought to be thinking about security as part of that,” NIST’s Chief Cybersecurity Officer Donna Dodson said. NIST plans to publish guidance on the new effort as a draft white paper by the end of April 2019. After incorporating public feedback, NIST will then publish a final white paper by the end of June 2019.