Ahead of their discussion on Secure by Design at RSAC 2025, CSO engaged with Jason Healey, a senior research scholar at Columbia University’s School of International and Public Affairs, along with Chris Wysopal, co-founder and chief security evangelist at Veracode, to explore their expectations for CISA’s initiative.
Both experts emphasized that the secure-by-design principle is an established concept that will persist within the private sector, irrespective of CISA’s involvement. Healey noted, “Even if CISA were to halt its efforts, the underlying necessity for secure design will remain, and we hope the progress will continue without pivotal figures like Bob and Lauren to champion it.”
Metrics Indicate Gradual Progress in Software Security
While Healey and Wysopal are strong advocates for secure-by-design methodologies, they recognize the challenge in quantifying whether initial investments in security during software development yield more secure outcomes. “The question remains: how can we leverage available indicators and metrics—spanning various threats, vulnerabilities, and their impacts—to assess whether we are indeed moving toward more secure software?” Healey posed.
Source: www.csoonline.com