A recent study by Lineaje has uncovered a startling lack of preparedness among organizations for the upcoming U.S. Cybersecurity & Infrastructure Agency’s (CISA) Secure Software Development Attestation Form deadline. The research, conducted at RSA Conference 2024, reveals that a mere 20% of companies are ready to meet the June 11, 2024, compliance deadline, a critical component of Executive Order (EO) 14028.

EO 14028, which mandates software producers to work with the U.S. government to confirm the deployment of key security practices, has been a focal point following a surge in software supply chain attacks. In 2023, these attacks affected over 2,700 U.S. organizations, marking a 58% increase from the previous year and underscoring the urgency of compliance.

Despite the clear risks and the mandate for Software Bills of Materials (SBOMs) since May 2021, Lineaje’s survey indicates that 84% of companies have yet to implement SBOMs into their development process. This gap in action suggests a disconnect between government cybersecurity efforts and industry implementation.

  • 65% of security professionals are unfamiliar with EO 14028.
  • 56% cite security vulnerabilities as their top concern, yet compliance adherence follows at only 22%.
  • 60% use open-source software, but only 16% are confident in its security.

Budget constraints and staffing shortages are cited as primary barriers to securing software and adopting necessary tools, with 45% pointing to budget limitations and 36% to lack of staffing resources.

This report serves as a wake-up call for the industry to prioritize cybersecurity compliance and awareness, as the consequences of inaction could be dire for both individual organizations and national security at large.

The post Upcoming June 11th CISA Deadline Exposes Widespread Unpreparedness in Software Security Compliance appeared first on Cybersecurity Insiders.

Software security professionals protect the entire software development lifecycle (SDLC) — from planning, design and release to maintenance, updates and replacement. They’re internationally recognized for being highly skilled in authentication, authorization and auditing throughout the SDLC using established best practices, policies and procedures.

Are you ready for a career in software security? ISC2, creator of the leading advanced cybersecurity certification, the CISSP, recommends these specific steps. 

1. Become an ISC2 Candidate. Begin your journey by joining ISC2, the world’s leading cybersecurity professional organization, more than 500,000 members, associates and candidates strong. As part of their One Million Certified in Cybersecurity pledge to help close the workforce gap, you’ll be able to access free Official ISC2 Online Self-Paced Training for Certified in Cybersecurity entry-level certification and a free exam. Candidates can also tap a full range of benefits, including 20% off online training and up to 50% off textbooks. Sign up now to get your first year free.

2. Start your journey toward CSSLP certification. Certified Secure Software Lifecycle Professional (CSSLP) demonstrates that you have the advanced knowledge and technical skills to effectively design, develop and implement security practices within each phase of the software lifecycle.

To qualify for the CSSLP, candidates must pass the exam and have at least four years of cumulative, paid work experience in one or more of the eight domains of the ISC2 CSSLP exam outline.

If you don’t yet have the required experience to become a CSSLP, you can become an Associate of ISC2 after successfully passing the exam. You will then have five years to earn the experience needed for certification. 

3. Keep learning.

Software security never stands still. It’s a constantly evolving field that requires continuing education to stay in front of cyberthreats and on top of trends. Professionals can choose from a variety of flexible learning options, including:

ISC2 Certificates turn a laser focus on specific subject matters. And with courseware created on the hottest topics by cybersecurity’s most respected certifying body, you’re assured the most current and relevant content. Choose from online instructor-led or self-paced education with content created by industry experts:

Online Instructor-Led*

• Prerecorded lessons led by an ISC2 Authorized Instructor

• Instruction that complements self-paced content

• Digital badges upon passing certificate assessments

Online Self-Paced

• Online learning at your own pace

• Videos available for download on demand

• Digital badges upon passing certificate assessments

Current ISC2 Certificate areas of focus include cloud security, risk management, CISO leadership, healthcare, security engineering, and security administration and operations.

*Online instructor-led only available for select certificates.

ISC2 Software Security Skill-Builders will help you learn valuable skills as you pursue a career in software security. Grow what you know with short-format learning designed to fit your busy schedule.

A career in software security provides the opportunity to make a significant impact on the world. Qualified professionals are indispensable to organizations, safeguarding their information and systems. See yourself in software security and get started today. Learn More.

More questions about CSSLP? Get Answers in the Ultimate Guide, everything you need to know about CSSLP. Download Now.


The post Thinking about a Career in Software Security? Follow This Path appeared first on Cybersecurity Insiders.