Secure by Design means different things to different people. As part of Lawfare’s ongoing project to understand what Secure by Design might mean in practice, we are trying to identify the open questions—areas where research or inquiry might help our collective understanding of the concept and how it might work. Lawfare Contributing Editor Paul Rosenzweig sat down with three Senior Advisers to CISA—Lauren Zabierek, Jack Cable, and Bob Lord—who work on the cutting edge of SbD design and implementation, to get their thoughts on research that would be of ongoing value to their efforts to define an SbD standard.
For more information, including the resources mentioned in this episode:
- Press Release: CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide | CISA
- Press Release: CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps | CISA
- Blog: The Next Chapter of Secure by Design | CISA
- Expanded Secure by Design Publication: Secure-by-Design | CISA
- White Paper: https://www.cisa.gov/resources-tools/resources/secure-by-design (English and Spanish versions available).
- Blog on Memory Safety: The Urgent Need for Memory Safety in Software Products | CISA
- Applying Secure By Design to events: Applying “Secure By Design” Thinking to Events in the News | CISA
- RFI on secure software attestation form: CISA Requests Comment on Draft Secure Software Development Attestation Form | CISA
- Director Jen Easterly on updated Secure by Design in Singapore (start 2:12): SICW Opening Ceremony & SICW High-Panels – Opening Plenary – YouTube
- Rosenzweig on Auto/Cyber Liability: https://tcg-website-prod.azurewebsites.net/the-evolving-landscape-of-cybersecurity-liability/
- Unsafe At Any Speed: CISA’s Plan to Foster Tech Ecosystem Security (youtube.com)