Search
Close this search box.

We are creating some awesome events for you. Kindly bear with us.

New Guidance to Improve Software Producers’ Cybersecurity

New Zealand cybersecurity authority, CERT NZ, is collaborating with agencies from 6 countries to publish new recommendations for software producers to enhance cybersecurity and safeguard clients from cyber threats. The guidance is New Zealand’s joint effort with Australia, Canada, the United States of America, the United Kingdom of Great Britain and Northern Ireland, Germany, and the Netherlands.

The paper titled “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default,” stressed the importance to offer certain products by design and default. In the joint guidance, software producers are strongly encouraged to revise their design and development programmes to guarantee that only products that are secure by design and by default will be distributed to end users.

The guidance revealed that one of the fundamental themes accentuated is that the burden of security should be shifted from users to software manufacturers, who should take ownership of their products’ security outcomes.

“Manufacturers can take a significant amount of the burden off end-users shoulders by developing secure products both by design and by default. We are aware that several manufacturers are already engaging in this practice, and we have high hopes that we will be able to inspire further ones to do so,” Rob Pope, the Director of CERT New Zealand, emphasise the guidance importance.

The advice recommends making a secure configuration the default baseline for products so that the most significant security policies necessary to protect businesses from dangerous cyber actors are automatically enabled.

The primary objective is to catalyse progress towards making the additional financial investments and cultural reforms necessary to establish a safe and secure future. Before designing, configuring, or shipping their products, software producers should consult the guidance, which provides fundamental concepts that can help them include software security in their design processes.

The authors emphasise the significance of embracing radical transparency and accountability by ensuring that vulnerability advisories and accompanying common vulnerability and exposure (CVE) data are complete and correct.

It is also suggested to establish an organisational structure for software makers that prioritises security as an essential component of product development. The organisational structure should ensure executive-level commitment to this priority. By adhering to these fundamental principles, software makers can provide more secure goods, lighten the load on end users, and contribute to global cyber resilience.

Software producers need to enhance the security practises they now employ and accept responsibility for the security outcomes of their products. Software producers may contribute substantially to creating a safer and more secure digital future by including security in their product design processes and making it a feature enabled by default.

The concerted effort made by the seven different authorities in cybersecurity demonstrates the importance of international cooperation and coordination in the quest to improve cybersecurity. The dissemination of this information represents a significant advancement in work being done to make the digital world more secure and to shield customers from the effects of cyberattacks.

By combining their efforts, the authorities can advance a global discourse about the most critical priorities, investments, and decisions to realise a safe, secure, and resilient future technology. The united cybersecurity authorities seek to pave the way for a safer and more secure digital future by encouraging software manufacturers to prioritise security during the design process and by making security a feature that is enabled by default. The guidance emphasises the necessity of international cooperation and collaboration to handle the complex cybersecurity issues posed by the digital age.

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

As a Titanium Black Partner of Dell Technologies, CTC Global Singapore boasts unparalleled access to resources.

Established in 1972, we bring 52 years of experience to the table, solidifying our position as a leading IT solutions provider in Singapore. With over 300 qualified IT professionals, we are dedicated to delivering integrated solutions that empower your organization in key areas such as Automation & AI, Cyber Security, App Modernization & Data Analytics, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Renowned for our consulting expertise and delivering expert IT solutions, CTC Global Singapore has become the preferred IT outsourcing partner for businesses across Singapore.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and consulting services provider, helping clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,800 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently, and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity, and service. For more information, visit www.ibm.com