Software used to be the interface between people and machines. Perhaps it still is, but its role has broadened over the years. Today, software is all around us, powering personal technologies, critical infrastructure, the Internet of Things (IoT), blockchain and artificial intelligence (AI). Software is central to our lives. But how do we keep it safe in this age of evolving and expansive cybersecurity threats?
Innovations driven by software, as described in the introduction, are the foundation of a new, connected digital economy and can bring great economic and social benefits. At the same time, because software is all around us, it has the potential to cause great economic and even physical damage.
Keeping software safe throughout its lifecycle requires great effort from software development organisations and their stakeholders (such as their customers). All of them can use existing standards and guidelines, but until recently there was no consolidated framework that brought together best practices in a way that can be effectively measured, regardless of the software development environment or purpose. Now there is. BSA (the Business Software Alliance) has developed the BSA Framework for Secure Software. It has published the new Software Security Framework, which can be downloaded free of charge.
According to the BSA, optimal software security requires effort spread across both organisational processes and product security capabilities. We would like to add a third component to this: people. At the end of the day, it is people who use the technology, and that makes us important stakeholders. The BSA stated that the BSA Secure Software Framework is a living framework; adding people would be our first proposal.
Software Asset Management (SAM) does not include software development itself. Software enters the SAM software lifecycle when it becomes part of a selection process following a functional software requirement. From then on, security is an essential part of software selection, implementation, maintenance and decommissioning. This also applies to Software as a Service (SaaS), but without the patching and updating of software. If you want to know more about software security management and software asset management, you can consult the ISO 19770 documentation or one of our experts.
You may be interested to know that Software Security Management is part of our Managed SAM service and that we also offer Cyber Security Value Engagements as part of our SAM certification work. Feel free to contact us for more information about our services.