US Guidelines Aim to Bolster Software Security

The Homeland Security Department unveiled a new system of guidance intended to help make the software behind Web sites, power grids and other services less susceptible to hacking.

The system includes an updated list of the top 25 programming errors that enable today’s most serious hacks. It adds new tools to help software programmers eliminate the most dangerous types of mistakes and enable organizations to demand and buy more secure products. The effort to improve software security has been three years in the making, according to Robert A. Martin, principal engineer at Mitre, a technology nonprofit organization that conducts federal research in systems engineering. The costs of flaws or omissions that make software susceptible to attack was highlighted by a number of recent attacks that resulted in the theft of credit card information, user names and passwords from government and banking sites. During an online news conference, government officials pointed out that a wide range of stakeholders had an interest in seeing the top 25 errors addressed, and they stressed the need for better training and education for people writing software. Officials also noted that organizations are under “persistent” attack. The Homeland Security Department’s hope is that the program, which is voluntary, will make it easier for companies and agencies to better secure their corners of cyberspace and contribute to building safer global networks.