NESSI has published a paper on Software Security which reviews today’s challenges of securing software throughout the entire software development lifecycle and recommends research directions to address those issues. NESSI puts particular focus on those software security approaches and techniques that will play a role in the implementation of upcoming regulations such as the European Cyber Resilience Act.
Cyber attacks increasingly exploit vulnerabilities in software supply chains. Compromised software spreads along the distribution channels of the supply chains and leads to large-scale incidents with devastating effects for those who deploy and use the software. Such attacks raise serious concerns about the security of software products and digital services, leading regulatory authorities to launch initiatives with the aim of improving the security of software and software supply chains. The onus is on software security and software security engineering to mitigate the risks of vulnerabilities along the supply chain and throughout the entire software lifecycle.