Are you ready to bring more awareness to your brand? Consider becoming a sponsor for The AI Impact Tour. Learn more about the opportunities here.

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, the National Security Agency (NSA) and cybersecurity authorities across Australia, Canada, United Kingdom, Germany, Netherlands and New Zealand released new guidance urging software manufacturers to take the steps necessary to ship products that are secure-by-design, “out of the box.” 

The guidance, a report named “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default,” aims to “encourage every technology manufacturer to build their products in a way that prevents customers from having to constantly perform monitoring, routine updates, and damage control on their systems.” 

It also outlines the steps organizations can take to implement secure-by-design and secure-by-default approaches, which are essential for minimizing vulnerabilities and bugs before their release to the market, ensuring software remains resilient to exploitation from threat actors.  

“Building security into the design process is not only good practice, it’s also very effective in mitigating flaws in software before they reach the consumer. The challenge, however, is for organizations to adopt these practices without affecting the business, as this process takes time and requires resources that can impact the bottom line,” said Ray Kelly, fellow at Synopsys Software Integrity Group.

VB Event

The AI Impact Tour

Connect with the enterprise AI community at VentureBeat’s AI Impact Tour coming to a city near you!


Learn More

The report comes less than a year after the EU introduced the Cyber Resilience Act, which set out to codify a cybersecurity framework for hardware and software producers to improve the security of products during the design and development phase. 

Both the Cyber Resilience Act and CISA’s new guidance highlights there is an industry-wide shift away from placing the burden of security on end-user organizations and customers toward making software vendors more transparent and accountable for the level of bugs and vulnerabilities present in released products. 

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.