Episode 164: Secure by Design in Software Development
In Episode 164 of Cybersecurity Where You Are, Tony Sager sits down with Curt Dukes, EVP and General Manager of Security Best Practices at the Center for Internet Security® (CIS®), and Steve Lipner, Executive Director of SAFECode.org. Together, they explore the evolution of secure software development and why secure by design is critical for reducing risk in today’s complex environments.
Here are some highlights from our episode:
- 01:08. Introductions to Curt and Steve
- 04.01. The historical challenge of implementation errors in software security
- 08:41. The emergence of secure by design and the need to measure against specified criteria
- 14:39. The value of artifacts as evidence of secure software development
- 28:52: How the CIS Critical Security Controls® (CIS Controls®) support secure software
- 39:59. The use of community projects to address challenges like secure by design
Resources
- Secure by Design: A Guide to Assessing Software Security Practices
- How Secure by Design Helps Developers Build Secure Software
- CIS, SAFECode Launch Secure by Design Guide to Help Developers Meet National Software Security Expectations
- Episode 107: Continuous Improvement via Secure by Design
- Secure by Design
- Secure Software Development Framework
- Episode 63: Building Capability and Integration with SBOMs
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.