Navigating Australian ISM Guidelines for Software Development

By Cameron Townshend

2 minute read time


In 2017, the Australian Cyber Security Centre (ACSC), a division of the Australian Signals Directorate (ASD), released the Information Security Manual (ISM). This comprehensive guide offers practical advice on safeguarding systems and data.

The recent update, which provides specific guidance on secure software development, is of particular relevance to software developers. The ISM's Guidelines for Software Development are designed to help developers create software that minimizes vulnerabilities and defends against potential cyber threats.

The ISM controls that make up the guidelines focus on six key areas applicable to traditional and mobile application development:

  • Development, testing, and production environments

  • Secure software design and development

  • Software bill of materials (SBOM)

  • Application security testing

  • Vulnerability disclosure program

  • Reporting and resolving vulnerabilities

The ISM is part of a larger global movement to secure the software supply chain in the wake of several high-profile and serious attacks, including the SolarWinds attack in 2020 and the Log4Shell vulnerability in 2021. The United Kingdom, the European Union, and the United States each have their own cybersecurity mitigation requirements, and you can learn more about global initiatives at Sonatype's Regulation and Compliance Resource Center.

Organizations are not yet required by law to comply with the ISM, but following it gives companies effective, practical guidance: confidence that they are not in violation of existing legislation, and a defence against constant threats.

To help Australians understand the various controls and how they can be applied, we've developed an ISM User's Guide to Compliance. This document outlines each of the controls detailed in the Guidelines for Software Development and how Sonatype capabilities can help navigate their implementation.

Editor's note: Kenneth Jeffery served as co-author in creating this blog post.


Written by Cameron Townshend

Cameron Townshend Bsc, MSysDev, MCP CP Snr, MCSD - has extensive experience building large mission critical applications. Developed the WeatherChannel.com.au website and backend integration. This site won 2010 Kentico site of the year for Integration and 2011 Astra award for Most Outstanding Use of ...
