Media Contact
Kelly Kimberland
Phone: 412-268-4793
Fax: 412-268-5758
E-mail: public-relations@sei.cmu.edu

Today the Department of Homeland Security and Carnegie Mellon® Software  Engineering Institute (SEI) launched a secure, web-based software assurance  portal called Build Security In (BSI). The Portal, which can be accessed at  http://buildsecurityin.us-cert.gov,  offers best practices, tools and other resources to help software developers,  architects and security practitioners create more secure and reliable software.

The BSI Portal was launched at the Department of Homeland Security-Department  of Defense Software Assurance Forum that brings together technology experts  from government, industry, and academia to examine the impact of software assurance  on America’s critical infrastructure. It is a key part of the DHS Software  Assurance Program that partners with the private sector to reduce software vulnerabilities,  minimize exploitation, and deploy trustworthy software products by assuring  security is part of software development.

“Securing our software systems is critical to protect the vast infrastructure  that these systems support and operate,” said Andy Purdy, acting director  of the National Cyber Security Division at the Department of Homeland Security.  “Our software assurance efforts are focused on working with academia and  the private sector to shift the paradigm from patch management to true software  assurance. Our objectives are to raise the bar on software quality and security  by improving software development and acquisition processes and practices. ”

Many security incidents are the result of exploits against defects in the design  or code of software. According to the research firm Gartner, software code attacks  cost companies $13.2 billion in 2004. The approach most commonly used to address  software defects is to retroactively patch on devices that make it more difficult  for defects to be exploited.

The BSI Portal seeks to alter the way that software is developed and provide  resources and tools to “build in” security from the start so it  is less vulnerable to attack.

“We look forward to partnering with Homeland Security and members of  the software assurance community to improving and protecting our critical infrastructures,”  said Richard D. Pethia, director of the SEI Networked Systems Survivability  Program. “Community involvement in the direction of the portal content  will help to ensure that the BSI knowledge portal is continuously delivering  the information, data, and facts the software community needs to create secure  systems.

About the Department of Homeland Security’s Information Analysis  and Infrastructure Protection Directorate  The U.S. Department of Homeland Security’s Information Analysis and Infrastructure  Protection (IAIP) Directorate serves as the focal point for intelligence analysis,  infrastructure protection operations, and information sharing. IAIP merges the  capability to identify and assess a broad range of intelligence and information  concerning threats to the homeland, maps that information against the Nation’s  vulnerabilities, issues timely and actionable warnings, and takes appropriate  preventive and protective measures to protect our infrastructures and key assets.

About The Software Engineering Institute (SEI)  The Software Engineering Institute (SEI) is a U.S. Department of Defense federally  funded research and development center operated by Carnegie Mellon University.  The SEI helps organizations make measured improvements in their software engineering  capabilities by providing technical leadership to advance the practice of software  engineering. For more information, visit the SEI Web site at www.sei.cmu.edu.