Guidelines for reducing risk through secure application development were released on Wednesday by a major financial services technology consortium.
The BITS Software Assurance Framework “provides strategic steps and program components to improve the design, creation and implementation of safe applications by financial institutions and third-party providers,” said BITS, the technology policy division of The Financial Services Roundtable in Washington, D.C.
Guidelines in the paper cover such topics as setting a security standard, training, building security and resilience into the design, threat modeling, coding practices and security testing.
The guidelines were developed by financial and software security specialists and are intended to “complement the mature software assurance controls financial institutions currently employ,” BITS said.
“Building safe software is a necessity, a priority and a complex process for financial institutions,” said Paul Smocer, BITS president. “The BITS Framework offers a practical approach to software security through strong design, implementation and testing processes.”
The Software Assurance Framework document is available online.