In the wake of the CrowdStrike incident, the US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Australian Signals Directorate (ASD) have issued new guidance aimed at fostering secure software deployment practices earlier in the software development lifecycle (SDLC). The recommendations emphasize the critical need to integrate security into every phase of the SDLC, ensuring robust testing and minimizing risks from flawed deployments.
Speaking with reporter John P. Mello Jr., technology leaders and industry experts welcomed the framework. Experts from organizations including Gomboc.ai and Keeper Security say the recommendations are both “solid” and “relevant” for fostering safe and secure software deployments.
John Terrill, CISO at Phosphorus Cybersecurity, highlighted how the new recommendations dovetail with CISA’s earlier Secure by Design initiative, introduced in April.
“Secure by Design is not just an application security idea,” Terrill explained. “You want secure components, you want best practices around scanning code, testing, production, everything. But you also want to ensure it’s all deployed in a reasonable, controlled manner.”
Despite the initiative’s value, Terrill and others in the industry acknowledge that much of the advice is not new. “All of this is super common,” Terrill said, noting that the guidance serves as a reminder to prioritize fundamental practices.
He added, “I think this is a little bit of CYA. They’re just making sure they’ve got the information out there so nobody can say they didn’t state it.”
Read more at ReversingLabs and Security Boulevard for perspectives on this framework and the lessons learned from the CrowdStrike incident.