Design standards shift to Big Tech and Government for security

February 28, 2024

TLDR:

  • The White House Office of the National Cyber Director is emphasizing the importance of developing impenetrable products through Secure by Design standards.
  • Responsibility for cybersecurity is being shifted from individuals and small businesses to large organizations like technology companies and the federal government.

The article discusses the shift in Secure by Design standards towards big tech companies and the government. The White House Office of the National Cyber Director (ONCD) has released a report emphasizing the importance of developing secure and measurable software and urging that responsibility for cybersecurity be taken on by large organizations rather than individuals and small businesses. Secure by Design principles make cybersecurity a core business requirement of technology products, with secure configurations enabled by default. The ONCD believes that by factoring cybersecurity outcomes into the manufacturing process, creators of software and hardware can have a significant impact on national security. It also advocates the adoption of memory-safe programming languages to prevent vulnerabilities.

The article also highlights a company, OP[4], which has launched a product security platform to help build secure-by-default systems. The platform aims to identify and mitigate cyber risks throughout the product lifecycle. Additionally, the ISC2 Cybersecurity Workforce Study indicates a skills gap in application security, with a growing demand for secure software development skills. ISC2 has launched training programs to help professionals skill up in these high-demand areas.

Further insights on Secure by Design come from a report, co-authored by multiple cybersecurity authorities, which explains the importance of transitioning to memory-safe programming languages to eliminate vulnerabilities. Overall, the emphasis is on building secure systems from the ground up to address evolving cybersecurity threats.
