Joint US, Australian software vendor security guidance unveiled

The FBI, Cybersecurity and Infrastructure Security Agency, and the Australian Cyber Security Centre have partnered to establish new guidelines urging software manufacturers and cloud-based services to create secure software deployment processes that would help ensure the safety and reliability of their products, according to SecurityWeek.

Aside from implementing tougher quality assurance processes and improving vulnerability detection, software makers should also conduct phased rollouts and establish mechanisms for continuous feedback, noted the joint FBI, CISA, and ACSC recommendations. Software manufacturers have also been advised to not only consider customers’ needs, goals, and possible risks and costs but also leverage safe software development process playbooks. Agencies also pushed software makers to ensure timely and detailed notification of emerging issues to their partners and customers. “Software manufacturers should focus on improving their deployment practices and demonstrating their reliability to customers. Rather than slowing down deployments, software manufacturing leaders should prioritize enhancing deployment processes to ensure both security and stability,” said the guidance.