Security Across the Software Development Life Cycle

The National Cyber Security Partnership Task Force today issued a report on applying security across the software development lifecycle. They probably had a deadline to get it out, but was no one wary about issuing the report on what is—in the United States, anyway—April Fool’s Day?

It does not seem to be a prank. The report is here.

Quoting from that page, the task force met to discuss “how to achieve meaningful and measurable vulnerability reductions through collaborative standards, tools and measures for software; new tools and methods for rapid patch deployment; and best-practice adoption across the entire critical infrastructure.”

Now, granted, that reads as if created by a random phrase generator. But there are some very bright folks on the task force, including my old boss, Steve Lipner of Microsoft. So, I think it is worth a read. Which I will do today.

