Code of Practice for Software Vendors: call for views
The UK government is seeking industry feedback on a draft Code of Practice for Software Vendors to enhance software resilience and security, part of the £2.6 billion National Cyber Strategy.
The UK government is seeking industry feedback on a draft Code of Practice for Software Vendors aimed at enhancing the resilience and security of software. This initiative is part of the £2.6 billion National Cyber Strategy, which focuses on improving cyber resilience across the UK economy and strengthening digital supply chains. The draft code outlines essential security measures expected from organizations that develop or sell software used by businesses. It aims to address common software development and distribution mistakes and improve information sharing between software vendors and their customers, thereby reducing the risk and impact of software supply chain attacks.
The call for views is open until 11:59 PM on 9 August 2024, and the government encourages stakeholders to provide input on the proposed design and implementation of the code. This effort follows extensive stakeholder engagement to develop a comprehensive package of policy interventions. Additionally, there is a related call for views on AI cyber security, which aligns with the software vendors' code. Interested parties can respond online or via email to the Department for Science, Innovation and Technology. The government emphasizes the importance of this feedback in shaping effective practices for software security in the UK.
Related
CISA and Partners Guidance for Memory Safety in Critical Open Source Projects
CISA, FBI, and Australian Cyber Security Centre collaborate on memory safety guidance for open source projects. Emphasizes risk understanding, roadmap creation, and collaboration with the open source community for enhanced cybersecurity.
The IT Industry is a disaster (2018)
The IT industry faces challenges in IoT and software reliability. Concerns include device trustworthiness, complex systems, and security flaws. Criticisms target coding practices, standards organizations, and propose accountability and skill recognition.
UK cyber-boss slams China's bug-hoarding laws
The UK's NCSC CEO criticized China's cyber laws, citing concerns over cyber activities. AWS denied business issues in China. Japan found remnants of a supernova. India succeeded in telecom manufacturing incentives. Mt Gox repaid investors. Singapore intervened in Grab's acquisition. Australia ordered a tech review. Various alliances and deals occurred in the Asia-Pacific region, reflecting cybersecurity, tech advancements, and regulations.
Microsoft calls for Windows changes and resilience after CrowdStrike outage
Microsoft is reconsidering security vendor access to the Windows kernel after a CrowdStrike update outage affected 8.5 million PCs, emphasizing the need for improved resilience and collaboration in security practices.
Microsoft backs down over rivals' Vista access (2006)
Microsoft will provide security software developers access to Windows Vista's kernel for monitoring, addressing antitrust concerns. However, skepticism remains regarding the availability of necessary APIs before Vista's launch.