Assessing Secure-By-Design Software Claims in Security Software
Understanding Secure-By-Design Principles
As cyber threats escalate, organizations need to prioritize security software whose vendors demonstrably follow secure-by-design principles. Under this proactive approach, security is built in and verified throughout the software development lifecycle rather than added after release.
Incorporating Secure Practices into Risk Assessments
Effective vendor risk assessments must focus on secure-by-design measures. As Michael Riemer, Field Chief Information Security Officer of Ivanti, indicates: “For us, as a software vendor, it means taking full responsibility for our own products.” This means examining the product's entire architecture, from its design through how data is stored and how the software is used.
Key Questions for Vendors
- What coding practices are in place, and how is their use verified?
- How transparent are the vendor's secure-by-design goals?
- Is a SOC 2 Type 2 report available?
Tracking Vendor Progress
Vendors should publicly disclose their secure-by-design goals and commit to regular updates on their progress. As Riemer states, “We’re holding ourselves accountable for our secure by design progress.” By asking these questions and tracking the answers over time, IT leaders can assess whether vendors are genuinely adhering to secure-by-design practices and reducing the vulnerabilities their products expose.
This article was prepared using information from open sources in accordance with the principles of Ethical Policy. The editorial team is not responsible for absolute accuracy, as it relies on data from the sources referenced.