
Build Security In

October 3, 2005 • Press Release


Media Contact
Kelly Kimberland
Phone: 412-268-4793
Fax: 412-268-5758

Today the Department of Homeland Security and Carnegie Mellon® Software Engineering Institute (SEI) launched a secure, web-based software assurance portal called Build Security In (BSI). The Portal, which can be accessed at, offers best practices, tools and other resources to help software developers, architects and security practitioners create more secure and reliable software.

The BSI Portal was launched at the Department of Homeland Security-Department of Defense Software Assurance Forum that brings together technology experts from government, industry, and academia to examine the impact of software assurance on America’s critical infrastructure. It is a key part of the DHS Software Assurance Program that partners with the private sector to reduce software vulnerabilities, minimize exploitation, and deploy trustworthy software products by assuring security is part of software development.

“Securing our software systems is critical to protect the vast infrastructure that these systems support and operate,” said Andy Purdy, acting director of the National Cyber Security Division at the Department of Homeland Security. “Our software assurance efforts are focused on working with academia and the private sector to shift the paradigm from patch management to true software assurance. Our objectives are to raise the bar on software quality and security by improving software development and acquisition processes and practices.”

Many security incidents are the result of exploits against defects in the design or code of software. According to the research firm Gartner, software code attacks cost companies $13.2 billion in 2004. The approach most commonly used to address software defects is to retroactively patch on devices that make it more difficult for defects to be exploited.

The BSI Portal seeks to alter the way that software is developed and provide resources and tools to “build in” security from the start so it is less vulnerable to attack.

“We look forward to partnering with Homeland Security and members of the software assurance community to improve and protect our critical infrastructures,” said Richard D. Pethia, director of the SEI Networked Systems Survivability Program. “Community involvement in the direction of the portal content will help to ensure that the BSI knowledge portal is continuously delivering the information, data, and facts the software community needs to create secure systems.”

About the Department of Homeland Security’s Information Analysis and Infrastructure Protection Directorate

The U.S. Department of Homeland Security’s Information Analysis and Infrastructure Protection (IAIP) Directorate serves as the focal point for intelligence analysis, infrastructure protection operations, and information sharing. IAIP merges the capability to identify and assess a broad range of intelligence and information concerning threats to the homeland, maps that information against the Nation’s vulnerabilities, issues timely and actionable warnings, and takes appropriate preventive and protective measures to protect our infrastructures and key assets.

About The Software Engineering Institute (SEI)

The Software Engineering Institute (SEI) is a U.S. Department of Defense federally funded research and development center operated by Carnegie Mellon University. The SEI helps organizations make measured improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. For more information, visit the SEI Web site at