Security Compass released SD Elements 2022.3, which delivers new features that make it easier for software developers to identify software application security threats and know exactly where to implement countermeasures to mitigate the risks.
The latest version of SD Elements also includes new security content that allows software development organizations to demonstrate compliance with the latest National Institute of Standards and Technology (NIST) threat modeling and secure development practices referenced in Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity.”
New features in SD Elements help organizations comply with the latest NIST software threat modeling and secure development standards, even when security knowledge and the availability of security experts are limited.
Other benefits include better collaboration between security, software development, hardware engineering, and DevOps teams, as well as reduced time and cost associated with modeling software threats and demonstrating compliance with multiple security standards and regulations, such as EO 14028 and over 80 other secure development industry regulations and guidelines.
Main updates of SD Elements 2022.3
- Developer-Centric Threat Modeling Diagram Enhancements: Spotting threats is important, but knowing where the threats are and how to prioritize and mitigate them is even more important. New Threat Modeling Diagram enhancements help software development and application security teams better understand where the threat exists, which threats to prioritize for remediation first, and exactly where countermeasures should be applied.
- New customizable dashboards in Advanced Reporting: New dashboards allow application security teams to identify the most prevalent threats and weaknesses across the organization’s software portfolio, as well as perform in-depth analyses of their software security and compliance position, both by project and across their software portfolio.
- New security content: New security content helps organizations meet U.S. federal government security requirements under Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity”; new Ansible infrastructure as code (IaC) and automotive supply chain (UNECE WP.29/R155) security content helps ensure that software development teams have the guidance they need to ensure that the code they write conforms to secure development best practices.
- New integrations: SD Elements’ extensive integration ecosystem now includes a new integration for Micro Focus Fortify on Demand.
- New just-in-time training content: 34 new Terraform Infrastructure as Code (IaC) and Payment Card Industry (PCI) Software Security Framework (SSF) just-in-time training micromodules have been added to the existing library of over 800 just-in-time training micromodules already included in SD Elements.
- New Developer-Centric eLearning Courses: New eLearning courses for Terraform, PCI SSF, OWASP Top 10 and OAuth Security Fundamentals have been added to the existing library of over 40 Security Compass eLearning courses focused on application security, operational security, compliance and secure coding best practices.
“The importance of software threat modeling continues to grow,” said Trevor Young, Chief Product Officer, Security Compass.
“NIST now recommends that software developers follow secure software development best practices and perform software threat modeling multiple times during development, especially when developing new features. All companies that sell (or wish to sell) software to the US Federal Government, whether directly or through resellers or other channels, must comply with EO 14028 by September 15, 2023 and should therefore quickly begin to assess their compliance with the latest NIST guidelines and develop action plans to close the gaps,” Young added.