BITS Lists Software Guidelines
Financial Framework Will Improve Software Security for Banking
Known as the Software Assurance Framework, the guidelines provide strategic steps and program components to improve the design, creation and implementation of safe applications by financial institutions and third-party providers.
The framework addresses the following key component areas:
- Education and training;
- Security software assurance development standard;
- Threat modeling;
- Coding practices;
- Security testing;
- Pre-implementation practices;
- Software assurance documentation archive best practices;
- Post-implementation phase controls.
IT risk controls are more effective when they're embedded within core business processes during software development, rather than being added later or bolted on risk assessments, BITS says.
The framework and guidance have been developed by subject matter experts focused on software for financial services. The aim is to provide financial institutions with a tool for improving software security controls and practices, BITS says.
Insecure software poses a number of risks to institutions, including increased attacks, potential exposure of personally identifiable customer and member information, and the theft of corporate information and intellectual property.