Secure-Coding Practices Support Secure by Design Software Agreement of 16 Countries

CISA spearheads joint guidance from world leaders urging software manufacturers to take steps necessary to design and deliver products to be secure by design.

DES MOINES, IA, UNITED STATES, February 6, 2024 /EINPresswire.com/ -- In October 2023 the U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with 17 U.S. and international partners, published an update to Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software that includes additional key principles and guidance to the first edition of this secure-coding reference document that was initially published in April, 2023.

CISA Director Jen Easterly explained, “I am extremely proud of the expansive, insightful and aligned U.S. and international partnerships that have come together with a shared vision of a future in which technology products are secure by design.”

One of the eight core practices is to, “foster a software developer workforce that understands security.” This includes the directive for organizations to take actions as necessary to ensure their software developers understand security by training them on secure-coding best practices, and helping to transform the entire workforce by “updating hiring practices to evaluate security knowledge and working with universities, community colleges, bootcamps, and other educators to weave security into computer science and software development curriculums.”

Another principle is “Embrace Radical Transparency and Accountability.” Organizations must document their principles and practices for secure coding so that everyone involved in software development can improve the security of all new software and all new versions of existing software.

The document also addresses a common issue: “Publicly name a secure by design senior executive sponsor.” This principle argues against the common practice of relegating secure-coding decisions and software quality assurance to low-level technical staff who lack the support of upper management who may not value security and who may dislike the perceived “extra” cost of increased design validation and testing.

Privacy & Security Brainiacs (PSB) fully supports more education of workforce members as well as in grade schools, high schools and universities. As PSB CEO, Rebecca Herold, explains, “Time to production for new and updated software-based products is getting shorter all the time within software makers. This is a result of executive leaders pushing to have new software releases more quickly to position them as the first business to offer a new service or product. Marketing and revenues have historically taken precedence through pressure from sales and marketing, and as part of this initiative to disregard actions for ensuring code is secure. This pressures developers to meet deadlines established by those who do not understand the time to create secure code and the importance of testing the security of the code. These pressures for taking shortcuts results in code vulnerabilities that have resulted in many devastating consequences to those using the software. Harms that run the gamut from data breaches compromising personal data, to financial losses that have shuttered organizations, to significant harms to those using products that interact with the physical world. It is good to see world leaders recognizing the importance of secure coding, and pursuing an initiative to improve the secure-coding practices worldwide.”

To help eliminate the expressed need by world leaders for all organizations to improve secure-coding practices, cybersecurity expert, educator, and NSA-accredited university-program creator, Dr. M. E. Kabay, is creating and delivering courses for the online education platform Privacy & Security Brainiacs (PSB).

Dr. Kabay explains why IT professionals and those thinking about being an IT professional will benefit from his Secure Coding course, “The course addresses issues such as those mentioned above from the CISA-sponsored document. In particular, the course includes specific guidance on appropriate management structures for improving secure coding; e.g., avoiding conflicts of interest by ensuring that security and quality-assurance managers do not report to the head of software development but rather to the chief information officer.”

Secure Coding provides software architects, engineers, developers and coders with the information they need to understand how to code software to help prevent as many cybersecurity incidents as possible through the use of secure code. The course provides information that supports the CISA-led initiative. The course includes student notes that include references for further study, and allows the students to communicate directly with and learn from an experienced secure-coding expert, Dr. Kabay, who has been programming since 1965 and was a member of the team responsible for writing and testing a compiler and database system in the 1970s. He has taught programming and database design for undergraduate and graduate classes as well as to business professionals since 1976 and taught hundreds of courses for users of Hewlett-Packard HP3000 systems.

The Secure Coding course includes a 20-question online exam generated at random from a list of over 60 questions available for study by the students, certificate for passing the course exam that contains information to support continuing professional education (CPE) requirements for a wide range of certifications, and access to communicate directly with Dr. Kabay through the PSB course-messaging portal to ask him questions related to the course topics and to engage in professional discussions.

“This is a great opportunity for everyone who wants to know how to create secure code to learn from the best, at a very low cost. Dr. M.E. Kabay is the creator of the Norwich University Master of Science in Information Security and Assurance program, and an experienced secure-coding expert,” explained Ms. Herold. “This course directly supports the goal of the CISA-led initiative to create applications with secure code to better protect everyone whose personal data is processed by that code.”

About Privacy & Security Brainiacs
Ms. Herold launched Privacy Security Brainiacs in partnership with her son Noah Herold. The online platform offers IT, security, privacy and compliance education, training and awareness tools to help organizations of all sizes and in a wide range of industries throughout the world. Privacy & Security Brainiacs provides online Software as a Service (SaaS) education services, with business admin capabilities for organizations to assign and manage training and other educational activities for their employees. They also provide policies and procedures templates, forms, videos, podcasts, e-books, paperback books, custom training, awareness events, supplemental materials and learning activities. To learn more, visit privacysecuritybrainiacs.com.

# # #

Media Contacts:
Rebecca Herold (for Privacy & Security Brainiacs), rebeccaherold@privacysecuritybrainiacs.com
Noah Herold (for Privacy & Security Brainiacs), noahherold@privacysecuritybrainiacs.com

ADDITIONAL INFORMATION:
PSB offers a sliding scale to lower prices as the number of learner attendees increases, as well as a price break of 50% off for clients agreeing to become beta testers of new courses as they are developed. Organizations interested in these arrangements are encouraged to contact PSB at info@privacysecuritybrainiacs.com.

The PSB online courses service offers a variety of benefits for individual IT professionals, as well as for business leaders in charge of their organizations’ training strategies. The initial purchase of a course establishes a free administrator account that can manage additional learners whom the administrator manages. The PSB platform provides an extensive administrator and learner tracking-and-reporting portal and access to a wide range of functionality.

From the portal, administrators can track the training activities of learners, view quiz results, push classes and supplemental materials to learners and create certificates for learners who have completed their assigned course. Special certificates are available for those who pass quizzes, as well as those who pass with exceptional scores. Private learning portals for each learner display the learner’s course history, including details like course title, completion date and time, quiz results, access to past courses and materials, as well as communication options for the learner and the administrator.

Rebecca Herold
Privacy and Security Brainiacs
+1 515-491-1564
rebeccaherold@privacysecuritybrainiacs.com
Visit us on social media:
Facebook
Twitter
LinkedIn
YouTube