In the fast-changing fields of cybersecurity and software development, the importance of creating secure software is more crucial than ever. Recently, my colleagues and I at the Open Source Security Foundation (OpenSSF) finalized a response to the latest Secure by Design RFC from the Cybersecurity and Infrastructure Security Agency (CISA). We discussed various best practices and case studies on Secure Software Development Life Cycle (SDLC), Threat Models for Artificial Intelligence, and the economic impact of software upgrades in response to CISA's request.
Article Link: https://blog.sonatype.com/a-demand-for-real-consequences-sonatypes-response-to-cisas-secure-by-design