Software resilience and security for businesses and organisations
Our key points were:
- The rapid increase in software complexity, and our everyday reliance on it, leads to vulnerabilities that are exploited by criminal, state-sponsored, or ideologically motivated (terrorist) actors. This can result in business-critical, financial, and reputational damage.
- Cyber risks need to be managed as a core element of the UK’s national recovery plan and as part of key company board decisions. Consistent resource investment is needed to maintain technological excellence and competitiveness.
- Greater government/industry intervention is required to address barriers in the open source community; transparency and communication about software materials, vulnerabilities, and incident management; procurement supplier assurance and management; and software maintenance, configuration, and management.
- Proportionate regulation would allow for innovation, whilst minimising risk levels.
- Vulnerabilities are also introduced accidentally, through a lack of awareness of what software code is actually doing. This could get worse with the development of AI.
- Senior leaders and managers need to drive cultural change around software competence.
- There’s a challenge finding people with the required skills at competitive salary rates. Competency frameworks and lists of recognised qualifications would help provide organisational reassurance over developer competence in particular areas.
- Key cyber security roles should have protected status (in the same way as ‘medical doctor’) to help drive up and guarantee standards.