Today the Department of Homeland Security and Carnegie Mellon® Software Engineering Institute (SEI) launched a secure, web-based software assurance portal called Build Security In (BSI). The Portal, which can be accessed at http://buildsecurityin.us-cert.gov, offers best practices, tools and other resources to help software developers, architects and security practitioners create more secure and reliable software.
The BSI Portal was launched at the Department of Homeland Security-Department of Defense Software Assurance Forum that brings together technology experts from government, industry, and academia to examine the impact of software assurance on America’s critical infrastructure. It is a key part of the DHS Software Assurance Program that partners with the private sector to reduce software vulnerabilities, minimize exploitation, and deploy trustworthy software products by assuring security is part of software development.
“Securing our software systems is critical to protect the vast infrastructure that these systems support and operate,” said Andy Purdy, acting director of the National Cyber Security Division at the Department of Homeland Security. “Our software assurance efforts are focused on working with academia and the private sector to shift the paradigm from patch management to true software assurance. Our objectives are to raise the bar on software quality and security by improving software development and acquisition processes and practices.”
Many security incidents are the result of exploits against defects in the design or code of software. According to the research firm Gartner, software code attacks cost companies $13.2 billion in 2004. The approach most commonly used to address software defects is to retroactively patch on devices that make it more difficult for defects to be exploited.
The BSI Portal seeks to alter the way that software is developed and provide resources and tools to “build in” security from the start so it is less vulnerable to attack.
“We look forward to partnering with Homeland Security and members of the software assurance community to improve and protect our critical infrastructures,” said Richard D. Pethia, director of the SEI Networked Systems Survivability Program. “Community involvement in the direction of the portal content will help to ensure that the BSI knowledge portal is continuously delivering the information, data, and facts the software community needs to create secure systems.”
About the Department of Homeland Security’s Information Analysis and Infrastructure Protection Directorate
The U.S. Department of Homeland Security’s Information Analysis and Infrastructure Protection (IAIP) Directorate serves as the focal point for intelligence analysis, infrastructure protection operations, and information sharing. IAIP merges the capability to identify and assess a broad range of intelligence and information concerning threats to the homeland, maps that information against the Nation’s vulnerabilities, issues timely and actionable warnings, and takes appropriate preventive and protective measures to protect our infrastructures and key assets.
About The Software Engineering Institute (SEI)
The Software Engineering Institute (SEI) is a U.S. Department of Defense federally funded research and development center operated by Carnegie Mellon University. The SEI helps organizations make measured improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. For more information, visit the SEI Web site at www.sei.cmu.edu.