Software, it used to be the interface between man and machine. Maybe it still is, but in a broader perspective over the years. Today, software is all around us, powering personal technologies, critical infrastructures, the Internet of Things (IoT), blockchain and artificial intelligence (AI). Software is central in our lives. But how do we keep it safe in the era of evolving and expansive cybersecurity threats?
Read time: 3 minutes
The risk
Innovations driven by software – as described in the introduction – are the base of a new, connected digital economy and can bring large economic and social benefits. At the same time, because software is all around us, it has the potential to cause even large economic and even physical damage.
Consolidated Framework
Keeping software safe throughout the software lifecycle requires large efforts of software development organizations and stakeholders (like their customers). All can use existing standards and guidelines but up to recent days there was no consolidated framework that brings together best practices in a manner that can be effective measured, regardless of the software development environment or the purpose of the software. But now there is. BSA (the Business Software Alliance) has developed the BSA Framework for Secure Software. They have published the new software security framework and it is a free download.
Software Security Definition
The internet wouldn’t be the internet if there weren’t about a million definitions of Software Security …. The BSA has this definition: “Software Security encompasses what a software development organization does to protect a software product and the associated critical data from vulnerabilities, internal and external threats, critical errors, or misconfigurations that can affect performance or expose data.”
Keeping software safe, the missing link
According to BSA, to be able to realize optimal software security, efforts need to be spread between both organizational processes and product security capabilities. We like to add a third component to that: people. Because in the end it is people using the technology and with that they are an important stakeholder. The BSA stated the BSA Framework for Secure Software is a living framework; adding ‘people’ would be our first suggestion.
Software Security and SAM
When looking at Software Asset Management (SAM), that does not cover the actual software development. Software enters the SAM software lifecycle when it is a part of a selection process after a functional software requirement. But starting there, security is a main part in selecting, implementing, maintaining and retirement of software. This also counts for Software as a Service, but without the patching and updating off course. When you want to know more about Software Security Management and Software Asset Management, you may consult the ISO 19770 documentation or consult one of our experts.
Managed Service
It might be of your interest that Software Security Management is part of our Managed Software Asset Management Service in the Advanced and Premium subscriptions. Contact us for more information on that or the new BSA Framework for Secure Software.