Secure Development Practices
About this theme
Secure by Design is extremely high on HMG’s list of priorities, whether that is to facilitate secure by default IoT commodity products for the consumer or reducing online harm by ensuring that companies have the right processes and systems in place to fulfil their obligations. Secure by Design is the first cousin of Safety by Design and Privacy by Design, and the three need to work in harmony (via both a cross-government and global collaborative effort) to ensure clarity for manufacturers, developers and engineers.
There is a plethora of advice and guidance, standards and frameworks that has existed for a number of years for secure software development. However, real-world evidence and our own RISCS portfolio of Developer Centred Security has demonstrated that these resources have struggled to engage and be relevant to software developers. Existing resources also contain little on usability and resilience.
This theme will continue this work and expand the remit to reach across a number of engineering and manufacturing disciplines and sectors to address this issue and support businesses to embed security during the development or update of their products and services.