The U.S. National Institute of Standards and Technology has published draft guidelines that set out to help tech companies bolster software security while working to help consumers choose the most secure technologies, Nextgov reports. The framework involves principles for software preparation, protection, creation and vulnerability response. “Following these practices should help software producers reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences,” NIST wrote in the framework. “Software consumers can reuse and adapt the practices in their software acquisition processes.” The guidelines also feature a call for the creation of a bill of materials that will help expedite vulnerability patches. The framework will be open for public comment until Aug. 5.