Ahead of their talk on Secure by Design at RSAC 2025, CSO caught up with Jason Healey, senior research scholar at Columbia University’s School of International and Public Affairs, and Chris Wysopal, co-founder and chief security evangelist at Veracode, to gauge their predictions for CISA’s program.
Both agreed that secure by design is an idea that predates CISA and can continue in the private sector even if CISA abandons its program. “There may not be a CISA workplace that’s doing wonderful work on this anymore; however, the concept that we now have to do it is nonetheless going to be around, and hopefully we’ll proceed some momentum even when we don’t have Bob and Lauren to cheer it on,” Healey told CSO.
Metrics point to slowly improving software security
Healey and Wysopal are big believers in secure-by-design principles, but they concede that few measurements can directly prove that extra effort at the outset of software creation leads to safer products. “How can we, amongst the symptoms and metrics we now have, throughout threats or vulnerabilities, throughout penalties or impacts, perceive if we’re shifting” toward more secure software? Healey asked.