During the G7 summit in Hiroshima in May, the Quad nations (Australia, India, Japan and the United States) launched a set of “Joint Principles for Secure Software” as part of their ongoing cybersecurity partnership.
The document states that the four nations will promote a culture in which “software security is a matter of design and default.” To meet this commitment, the governments of the four countries have agreed to change their procurement rules to encourage secure design.
In short, if you want to sell your software to these four governments, you will have to attest that it complies with secure software development practices, and you will be encouraged to report vulnerabilities through a national vulnerability disclosure program.
Secure design practices are becoming a key priority for cybersecurity agencies and governments around the world. This latest announcement follows a new set of guidelines aimed at helping software makers “embed security by design and default” that the Australian Cyber Security Centre published in April alongside cybersecurity authorities in the US, Canada, United Kingdom, Germany, Netherlands and New Zealand.
In the United States, the Biden administration is trying to go far beyond simply changing procurement rules and issuing guidelines; it wants to make software vendors legally responsible for security. We may soon see other countries follow suit, and secure design become a legal imperative.
Why we need secure design
No one working in the cybersecurity sector needs reminding of how pervasive the threat is. Almost every aspect of our lives depends on software that is under constant attack.
Governments are finally acting on what many in the cybersecurity sector have long known: market forces alone have not pushed software manufacturers to produce more secure software. Instead, incentivized to bring their products to market quickly, software vendors have taken security shortcuts, leaving vulnerabilities for threat actors to exploit.
Even organizations that prioritize security often concentrate their effort at the end of the software development process, where running the finished code through application security testing tools can miss more complex flaws in the application’s design.
The result is software vulnerable to attack, with the burden of security falling on non-expert users, individuals and companies alike.
Secure software design
To create software that is secure, we must seek to identify security flaws in the design through the process of threat modeling. This should happen before a single line of code is written.
Threat modeling is the process of analyzing software for potential risks and determining the most effective ways to mitigate them. It focuses on asking four fundamental questions:
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good enough job?
Until relatively recently, the traditional approach to threat modeling involved working through these four questions and producing the threat model on a whiteboard. In an age where some organizations are building thousands of applications, that approach is becoming increasingly impractical.
The good news is that the global push for secure design coincides with the arrival of automated threat modeling. With current tooling, a developer can generate a threat model from a description of the system, and that model produces many of the threats and countermeasures relevant to them.
However, the key challenge to widespread adoption of secure design is not the tools; it is skills and organizational culture.
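To make the four questions and the idea of automated threat generation concrete, here is an added example (my own illustration, not the article's code and not IriusRisk's or any other product's engine). It assumes a tiny data-flow model of a constructed system (browser, web application, database, three trust zones), three hand-written rules, and STRIDE category names as a labelling convention; none of those details come from the article. Each rule answers "what can go wrong?" for one data flow and attaches a countermeasure ("what are we going to do about it?"), and the final check lists threats that nobody has recorded a mitigation for ("did we do a good enough job?"), which is the kind of output you would wire into a build pipeline.

```python
"""Added example: a minimal rule-driven threat model over a data-flow diagram.
Model, rules and sample system are all constructed here for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "external", "process" or "store"
    zone: str   # trust zone; a flow between two zones crosses a trust boundary


@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    data: str
    encrypted: bool = False      # channel protected in transit
    authenticated: bool = False  # dst can verify who src is
    validated: bool = False      # dst validates the payload before using it


@dataclass(frozen=True)
class Threat:
    target: str          # "src->dst" of the flow the threat applies to
    category: str        # STRIDE-style label (assumed taxonomy, not from the article)
    description: str
    countermeasure: str


def crosses_boundary(flow: Flow) -> bool:
    return flow.src.zone != flow.dst.zone


# "What can go wrong?": each rule inspects one flow and yields zero or more threats.
def rule_cleartext_boundary(flow: Flow):
    if crosses_boundary(flow) and not flow.encrypted:
        yield Threat(f"{flow.src.name}->{flow.dst.name}", "Information disclosure",
                     f"'{flow.data}' crosses {flow.src.zone}->{flow.dst.zone} in cleartext",
                     "Encrypt the channel (TLS) and verify the peer certificate")


def rule_unauthenticated_process(flow: Flow):
    if crosses_boundary(flow) and flow.dst.kind == "process" and not flow.authenticated:
        yield Threat(f"{flow.src.name}->{flow.dst.name}", "Spoofing",
                     f"{flow.dst.name} cannot tell who is sending '{flow.data}'",
                     "Authenticate the caller (session token, mTLS or signed request)")


def rule_unvalidated_into_store(flow: Flow):
    if flow.dst.kind == "store" and not flow.validated:
        yield Threat(f"{flow.src.name}->{flow.dst.name}", "Tampering",
                     f"'{flow.data}' is written to {flow.dst.name} without validation (injection risk)",
                     "Validate input against a schema and use parameterised queries")


RULES = [rule_cleartext_boundary, rule_unauthenticated_process, rule_unvalidated_into_store]


def generate_threats(flows, rules=RULES):
    """"What are we going to do about it?": every threat carries a countermeasure."""
    return [t for flow in flows for rule in rules for t in rule(flow)]


def unmitigated(threats, mitigated):
    """"Did we do a good enough job?": threats with no recorded mitigation.
    `mitigated` is a set of (target, category) pairs the team has closed."""
    return [t for t in threats if (t.target, t.category) not in mitigated]


# Constructed sample system: browser -> web app -> database, three trust zones.
BROWSER = Element("browser", "external", "internet")
WEBAPP = Element("webapp", "process", "dmz")
DB = Element("db", "store", "internal")
SAMPLE_FLOWS = [
    Flow(BROWSER, WEBAPP, "login credentials"),            # no TLS, caller not authenticated
    Flow(WEBAPP, DB, "user records", authenticated=True),  # service account, no input validation
]

if __name__ == "__main__":
    threats = generate_threats(SAMPLE_FLOWS)
    closed = {("browser->webapp", "Information disclosure")}  # e.g. TLS already deployed
    for t in unmitigated(threats, closed):
        print(f"[{t.category}] {t.target}: {t.description}\n    -> {t.countermeasure}")
```

On the sample system the rules produce four threats; recording one mitigation leaves three open, which is exactly the list a reviewer (or a pipeline gate) would want in front of them before any code is written. Real tooling carries far richer models and rule sets, but the shape is the same: a machine-readable design, rules that encode what attackers do, and a coverage check against the mitigations the team has actually committed to.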
Developers who design software focus on functionality rather than vulnerabilities, and many, although brilliant at writing code, simply do not have the skills or experience to identify where and how an attacker could get in. Organizations must increase their threat modeling capabilities through training and support, as well as by implementing new tools.
A cultural change is also required. Effective threat modeling must involve the developer because they will ultimately be the ones designing and writing the software. However, in many organizations, security is considered the sole responsibility of the security team, even though developers will always outnumber security professionals.
These two teams must work together from the beginning of the software development process to make a secure design possible, and organizations must prioritize threat modeling as a strategically important activity.
There is a growing global consensus on the need for software to be secure by design.
Organizations that fail to make threat modeling a core part of their software design processes will quickly fall behind as demands from governments and cybersecurity authorities increase. What started with procurement guidelines and rules could soon result in software vendors finding themselves on the wrong side of laws and regulations.
Stephen de Vries is the CEO of IriusRisk.