Increasingly, companies and governments are starting to realize that secure
software is not a matter of rules, laws and oversight, but needs to be
deeply embedded in services and organizations. Quality and security are
not primarily specifications of software, but must be embedded in the
agile software development process.
Agile, SCRUM and DevOps are, in today's world, the leading paradigms for
development and for shortening the delivery time of working software.
Today there are companies that release new functionality several times an
hour. This focus on delivery, in business software as well as in
IoT/SCADA, mobile, medical and automotive software, is not without
risk. If the process does not sufficiently cover security, there is an
increased risk of successful hacks, exploits and other cyber-related
events.
The speaker explains how the approach taken by the SSA optimally matches
the new insights from policy makers for developing secure software and
services, in order to make products and online services safe. The Secure
(Agile) Software Framework focusses on the measures for secure agile
software development, providing several controls and measures to work
with during the software delivery cycle.
Also, the Secure (Agile) Software Framework will be published during the
One Conference. One of the contributors to the framework is the Centre for
Information Security and Privacy Protection, which provides guidelines for
(government) organizations on how to deal with the security of software
from a customer perspective.
After the presentation, a government official (ministry EZK) and a
project lead of Partnering Trust will be briefly interviewed about their
view on the SSF with respect to the Roadmap Secure Digital Hard and
Software; the relationship to governmental policy with respect to
cyber security and secure software development; and the cooperation with
Partnering Trust, a private-public initiative with ECP, Zeker-Online and
others, part of the NL Government "Roadmap Digital Hard- and Software
Security".