
CISA pressures tech vendors to ship secure software ‘out of the box’




Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA) and cybersecurity authorities from Australia, Canada, the United Kingdom, Germany, the Netherlands and New Zealand released new guidance urging software manufacturers to take the steps necessary to ship products that are secure-by-design and secure-by-default, "out of the box."

The guidance, a report named “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default,” aims to “encourage every technology manufacturer to build their products in a way that prevents customers from having to constantly perform monitoring, routine updates, and damage control on their systems.” 

It also outlines the steps organizations can take to implement secure-by-design and secure-by-default approaches, which are essential for minimizing vulnerabilities before a product reaches the market and for keeping software resilient to exploitation by threat actors once it is deployed.

“Building security into the design process is not only good practice, it’s also very effective in mitigating flaws in software before they reach the consumer. The challenge, however, is for organizations to adopt these practices without affecting the business, as this process takes time and requires resources that can impact the bottom line,” said Ray Kelly, fellow at Synopsys Software Integrity Group.


The report comes less than a year after the EU introduced the Cyber Resilience Act, which set out to codify a cybersecurity framework for hardware and software producers aimed at improving the security of products during the design and development phases.

Both the Cyber Resilience Act and CISA's new guidance highlight an industry-wide shift away from placing the burden of security on end-user organizations and customers, and toward making software vendors more transparent about, and accountable for, the vulnerabilities present in the products they release.