Security of software often requires complicated trade-offs between strategic choices of organizations and security risks. The Framework Secure Software puts this consideration back where it belongs: with administrators and not with legal and technical staff employees. Two organizations explain how, together with software suppliers, they again take responsibility for software security. Date: Wednesday, November 18 Time: 3.45-4.25pm
“The Dutch SSA (Secure Software Alliance) has defined a framework for secure software development intending to conform to all phases of the SDLC. It focuses on threat modeling as a prerequisite for secure software development.” The EU Agency for Cybersecurity publishes a study on existing approaches for secure software development and maintenance while highlighting aspects to be considered under the EU cybersecurity certification framework.
Pilots Framework In 2019 the alliance started pilots to show and document what application of the framework means for software development processes and for the users of software. The results will be published in 2020.
This ENISA study introduces good practices for IoT security, with a particular focus on software development guidelines for secure IoT products and services throughout their lifetime. Establishing secure development guidelines across the IoT ecosystem, is a fundamental building block for IoT security. By providing good practices on how to secure the IoT software development process, this study tackles one aspect for achieving security by design, a key recommendation that was
Presenting framework ECP (Platform for the Information Society) is an independent and neutral platform where government, science, business, education and social organizations collaborate and exchange public-private knowledge about a responsible design of our digitizing society. Secure software Alliance was presenting at ECP jaarcongres 2019 about our secure software development framework.
The control framework that is presented in this study report is built upon the ever-increasing number of articles, (research) papers, books and best practice models about Agile and DevOps.The goal for this study report is to provide IT auditors, but also other information security and risk professionals, with a basic introduction and a control framework to mitigate the key IT risks associated with agile and DevOps principles.
The European Parliament, the Council and the European Commission have reached a political agreement on the Cybersecurity Act which reinforces the mandate of the EU Agency for Cybersecurity, (European Union Agency for Network and Information and Security, ENISA) so as to better support Member States with tackling cybersecurity threats and attacks. The Act also establishes an EU framework for cybersecurity certification, boosting the cybersecurity of online services and consumer devices.
Presenting Agile Secure Software Lifecycle Management The International One Conference in The Hague, the Netherlands, is the international cyber security conference you don’t want to miss. During the two days, leading speakers from all over the world will share insights and developments in cyber security. The conference aims to facilitate the exchange of knowledge and ideas within the international cyber security community. Secure Software Alliance was presenting about Agile Secure