New software framework intended to define, advance security features
BSA-The Software Alliance, an advocacy organization for the global software industry, recently released what it called a first-of-its-kind framework for secure software.
The BSA Framework for Secure Software is designed to tackle complex security challenges “through an adaptable and outcome-focused approach that is risk-based, cost-effective, and repeatable,” according to the alliance. The framework describes baseline security outcomes across the software development process, the software lifecycle management process, and the security capabilities of the software itself.
The framework is intended to help software development organizations describe the current state of software security in individual software products; describe the target state of the software security in individual software products; identify and prioritize opportunities for improvement in development and lifecycle management processes; assess progress toward the target state; and communicate among internal and external stakeholders about software security and security risks.
The framework applies to all types of software, from installed programs to software-as-a-service (SaaS). As innovations continue to drive rapid evolution of software practices, the framework is designed to remain a “living document,” to be updated and improved based on ongoing feedback and technical developments, BSA said.
“BSA’s framework is the first to offer a holistic approach to software security for software companies, their customers, and policymakers,” said Victoria Espinel, president and CEO of the Software Alliance. “To effectively secure the digital ecosystem, we need a way to evaluate software security that is meaningful enough to protect software against malicious exploitation and flexible enough to consider all of software’s nuanced types and characteristics.”