Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)

Dodson, Donna F.; Souppaya, Murugiah; Scarfone, Karen

doi:10.6028/nist.cswp.04232020

“…Manufacturers should consider which, if any, secure development practices are most appropriate 759 for them and their customers as they further plan how to adequately support customer goals. Manufacturers can answer questions like the following based on expected customers and uses cases to help identify additional action to take towards cybersecurity: [28], which highlights selected practices for secure software development. Each of these practices is widely recommended by existing secure software development publications, and the white paper provides references from nearly 20 of these publications.…”

Section: Activity 4: Plan For Adequate Support Of Customer Goalsmentioning

confidence: 99%

Recommendations for IoT Device 2 Manufacturers:

Fagan¹,

Megas²,

Scarfone³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST. Organizations are encouraged to review all draft publications during public comment periods and provide feedback to NIST. Many NIST cybersecurity publications, other than the ones noted above, are available at https://csrc.nist.gov/publications.

show abstract

“…The same recommendations for messaging discussed above apply 725 for follow-up communications, but extra care should be taken to avoid too many or contradictory follow-up messages, which could lead some customers, particularly home customers, to ignore important messages. [22] states, following secure software development practices should help manufacturers "reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences. "…”

Section: Support and Lifespan Expectationsmentioning

confidence: 99%

“…There are many existing standards, guidelines, and other publications on secure software development. IoT device manufacturers interested in more information can consult the NIST white paper on secure software development [22] which highlights selected practices for secure software development. Each of these practices is widely recommended by existing secure software development publications, and the white paper provides references from nearly 20 of these publications.…”

Section: Support and Lifespan Expectationsmentioning

confidence: 99%

Core Cybersecurity Features Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers

Fagan¹,

Megas²,

Scarfone³

et al. 2019

Preprint

Self Cite

View full text Add to dashboard Cite

There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may wish to closely follow the development of these new publications by NIST. Organizations are encouraged to review all draft publications during public comment periods and provide feedback to NIST. Many NIST cybersecurity publications, other than the ones noted above, are available at https://csrc.nist.gov/publications.

show abstract

“…The first row illustrates that the team would consider objectives of the Design phase including planning, and thus would need a Security Architect.Table 3is an informative example and does not cover all the Work Roles that may be present or needed for a given Team. For more information, see NIST's Secure Software Development Framework [6].…”

mentioning

confidence: 99%

Workforce Framework for Cybersecurity (NICE Framework)

Petersen¹,

Santos²,

Smith³

et al. 2020

View full text Add to dashboard Cite

This publication from the National Initiative for Cybersecurity Education (NICE) describes the Workforce Framework for Cybersecurity (NICE Framework), a fundamental reference for describing and sharing information about cybersecurity work. It expresses that work as Task statements and describes Knowledge and Skill statements that provide a foundation for learners including students, job seekers, and employees. The use of these statements helps students to develop skills, job seekers to demonstrate competencies, and employees to accomplish tasks. As a common, consistent lexicon that categorizes and describes cybersecurity work, the NICE Framework improves communication about how to identify, recruit, develop, and retain cybersecurity talent. The NICE Framework is a reference source from which organizations or sectors can develop additional publications or tools that meet their needs to define or provide guidance on different aspects of cybersecurity education, training, and workforce development.

show abstract

Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)

Cited by 21 publications

References 2 publications

Recommendations for IoT Device 2 Manufacturers:

Recommendations for IoT Device 2 Manufacturers:

Core Cybersecurity Features Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers

Workforce Framework for Cybersecurity (NICE Framework)

Contact Info

Product

Resources

About