About Us Initiatives Press/News Links/Resources Contact Events Privacy Policy
Press Release

FOR IMMEDIATE RELEASE

FOR ADDITIONAL INFORMATION:
BSA: Jeri Clausing, 202-530-5127, [email protected]
Computer Associates: Nicole Keating, 202-973-4788, [email protected]
Microsoft: Jenny Murphy, 202- 337-0808, [email protected]
NCSP: Doug McGinn, 202-715-1558, [email protected]

National Cyber Security Partnership Task Force

Issues Report on Security Across the Software Development Lifecycle

WASHINGTON, D.C., April 1, 2004 – A task force of security technology experts, academics and business and government officials today released its first round of recommendations for improving software security (www.cyberpartnership.org/init-soft.html). In a 100-plus page report that takes the first in-depth look at improving security across the software development lifecycle, the task force of the National Cyber Security Partnership (NCSP) issued preliminary recommendations and agreed on a number of areas to focus its future efforts.

"Software security is a serious, long-term multifaceted problem that requires multiple solutions and the application of resources through the development lifecycle," said task force Co-Chair Scott Charney, chief security strategist for Microsoft. "There is no silver bullet for making software secure. But we are pleased that so many people dedicated their time to delving into this very complicated area to begin formulating solid recommendations for improving software security at all levels in the future."

"The task force has taken important steps forward in the long road toward implementing key components of the National Strategy to Secure Cyberspace," said task force Co-Chair Ron Moritz, chief security strategist for Computer Associates. "By helping to improve research, education, software development and the processes by which patches are distributed and managed, these initiatives will further augment the economic value and social benefits that software delivers—while making the global digital environment significantly more secure."

The report makes four key recommendations:

  • Improving the education of current and future software developers, including creation of a new initiative to make security a core component of software development programs at the university level, and a Software Security
  • Certification Accreditation Program.
  • Developing best practices for putting security at the heart of the software design process.
  • Adopting a set of "Guiding Principles for Patch Management" to ensure patches are well-tested, small, localized, reversible and easy to install.
  • Adopting an "Incentives Framework" that policymakers, developers, companies and others can use to develop effective strategies and incentives for making software more secure.

The task force, "Improving Security Across the Software Development Lifecycle" was co-chaired by Charney and Moritz. The Business Software Alliance served as secretariat for the group, which also included members from a broad range of backgrounds, including universities, the government, security consultants, think tanks, associations and the private sector.



# # #

About NCSP
The National Cyber Security Partnership (www.cyberpartnership.org) is led by the Business Software Alliance (BSA), the Information Technology Association of America (ITAA), TechNet and the U.S. Chamber of Commerce in voluntary partnership with academicians, CEOs, federal government agencies, and industry experts. Following the release of the 2003 White House National Strategy to Secure Cyberspace and the National Cyber Security Summit, the public-private partnership was established to develop shared strategies and programs to better secure and enhance America’s critical information infrastructure. The task forces will be releasing separate work products beginning in March 2004 and ending in April 2004.

About BSA
The Business Software Alliance (www.bsa.org) is the foremost organization dedicated to promoting a safe and legal digital world. The BSA is the voice of the world's software and Internet industry before governments and with consumers in the international marketplace. Its members represent one of the fastest growing industries in the world. BSA educates computer users on software copyrights and cyber security; advocates public policy that fosters innovation and expands trade opportunities; and fights software piracy. BSA members include Adobe, Apple, Autodesk, Avid, Bentley Systems, Borland, Cisco Systems, CNC Software/Mastercam, HP, IBM, Intel, Internet Security Systems, Intuit, Macromedia, Microsoft, Network Associates, PeopleSoft, RSA Security, SolidWorks, Sybase, Symantec, UGS PLM Solutions Inc. and VERITAS Software.