Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Turning Secure Software Development into a Measurable Practice

    July 13, 2026

    LAPD Regularly Pulled Over Innocent People Because License Plate Readers Flagged Their Cars As Stolen

    July 13, 2026

    Podcast: Liberation, Eroticism, and Sex in Public (with Angela Jones)

    July 13, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»Turning Secure Software Development into a Measurable Practice
    News

    Turning Secure Software Development into a Measurable Practice

    adminBy adminJuly 13, 2026No Comments4 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    When CIS and SAFECode first released Secure by Design: A Guide to Assessing Software Security Practices, the goal was clear: provide organizations with practical guidance for evaluating whether software security is truly embedded throughout the development lifecycle. Now, with the release of version 1.1, that guidance has been updated to reflect today’s evolving software development landscape, emerging technologies, and growing regulatory expectations.

    Rather than introducing a new framework, version 1.1 builds on the original guide’s foundation by refining assessment approaches, expanding guidance around artificial intelligence (AI), and aligning with recent developments in software security policy and industry best practices.

    Why an Update Was Needed

    Since the publication of the original guide, the conversation around Secure by Design has continued to evolve. Government agencies, regulators, software vendors, and customers are increasingly focused on shifting security responsibility toward software manufacturers and reducing vulnerabilities before products reach users. At the same time, AI has rapidly emerged as both a powerful development tool and a new security challenge.

    Version 1.1 addresses these developments while maintaining the guide’s core mission: helping organizations assess software security practices through real-world evidence rather than theoretical claims. 

    What’s New in Version 1.1

    Expanded Guidance on Artificial Intelligence

    The most notable addition in version 1.1 is a dedicated focus on AI’s role in software development and security.

    The updated guide explores how organizations can use AI to improve threat modeling, identify vulnerabilities, and assist with vulnerability remediation. It also addresses the risks associated with AI-generated code and cautions organizations against treating AI-generated outputs as inherently secure. Instead, AI-produced code should undergo the same review, testing, and validation processes applied to human-written software.

    Version 1.1 also introduces discussion of AI-enabled applications, the security considerations surrounding large language models, and emerging concerns related to agentic AI systems. The guidance encourages organizations to take advantage of AI’s capabilities while maintaining proven Secure by Design practices. 

    Updated Policy and Regulatory References

    The Secure by Design ecosystem has matured significantly, and Version 1.1 reflects those changes.

    The guide includes updated references to ongoing CISA Secure by Design initiatives, NIST Secure Software Development Framework activities, Executive Order 14306, and the European Union Cyber Resilience Act. These updates help organizations understand how Secure by Design practices align with current and emerging cybersecurity expectations worldwide. 

    Enhanced Assessment Resources

    A central theme of the guide remains the importance of measurable security practices. Version 1.1 strengthens the connection between Secure by Design principles and the evidence organizations can use to demonstrate implementation.

    The updated assessment materials continue to map NIST SSDF practices to:

    • CIS Critical Security Controls®
    • SAFECode Development Groups
    • Organizational roles and responsibilities
    • Development artifacts and evidence required for assessment

    This provides organizations with a clearer path for evaluating the maturity and effectiveness of their software security programs. 

    The Core Principles Remain Unchanged

    While Version 1.1 introduces several important updates, it preserves the six foundational Secure by Design considerations that formed the basis of the original guide:

    • Secure Software Design
    • Secure Development
    • Secure Default Configuration
    • Supply Chain Security
    • Code Integrity
    • Vulnerability Remediation

    These six areas continue to provide the framework for building, maintaining, and evaluating secure software throughout its lifecycle.

    A Continued Focus on Evidence

    One of the guide’s distinguishing features is its emphasis on assessment through evidence rather than self-attestation.

    Version 1.1 continues to encourage organizations to demonstrate Secure by Design adoption through development artifacts such as threat models, workflow records, vulnerability management data, testing results, source code analysis outputs, and root-cause analysis documentation. By tying security claims to observable evidence, organizations can provide greater confidence to customers, regulators, and other stakeholders. 

    Looking Ahead

    Secure by Design is not a static initiative. As software development practices evolve, organizations must continuously adapt to new threats, technologies, and operational realities.

    Version 1.1 reflects that reality by incorporating lessons learned since the original release and addressing one of the most significant developments facing the software industry today: artificial intelligence. At the same time, it remains grounded in the practical, measurable, and risk-based approach that made the original guide valuable to developers, customers, assessors, and policymakers alike. 

    For organizations looking to strengthen software security, evaluate development practices, or align with emerging Secure by Design expectations, Secure by Design v1.1: A Guide to Assessing Software Security Practices provides an updated roadmap for turning software security principles into measurable practice.



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleLAPD Regularly Pulled Over Innocent People Because License Plate Readers Flagged Their Cars As Stolen
    admin
    • Website

    Related Posts

    News

    LAPD Regularly Pulled Over Innocent People Because License Plate Readers Flagged Their Cars As Stolen

    July 13, 2026
    News

    Podcast: Liberation, Eroticism, and Sex in Public (with Angela Jones)

    July 13, 2026
    News

    Infosec News Nuggets — July 13, 2026 – AboutDFIR

    July 13, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Our Picks

    Turning Secure Software Development into a Measurable Practice

    July 13, 2026

    LAPD Regularly Pulled Over Innocent People Because License Plate Readers Flagged Their Cars As Stolen

    July 13, 2026

    Podcast: Liberation, Eroticism, and Sex in Public (with Angela Jones)

    July 13, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.