Software products don’t typically come with a Good Housekeeping Seal of Approval, but they will, if a public-private cybersecurity task force has its way.

This spring, the National Cyber Security Partnership Task Force on Technical Standards and Common Criteria published recommendations to reduce software security vulnerabilities. A guiding ethos of the group was that the task of ensuring product security shouldn’t fall entirely on the shoulders of software executives and CSOs. The government can use its purchasing power to force vendors to build better products, and to set industrywide standards for security. The recommendations that the task force put forth are part of a larger effort to secure the U.S. critical information infrastructure.

Among the recommendations were the following:

Technology companies should do more to foster secure computer coding practices and code audits that eliminate software vulnerabilities.

Companies should ship products with “secure by default” configurations and adhere to common product security “profiles” for different kinds of IT products.

The federal government should invest in software vulnerability assessment technology and support standards groups like the National Institute of Standards and Technology and the National Information Assurance Partnership.

The recommendations are intended to guide the decisions of software developers, purchasers and end users by making them more savvy about IT security. In fact, task force leaders believe that the government’s renewed focus on making common criteria certification a prerequisite for government procurement has already produced dramatic results in IT security.

“This is just truth in advertising for software,” says Mary Ann Davidson, CSO at Oracle and cochairwoman of the task force.
“Every vendor says its product is secure. We need an independent entity to vet those claims.”