The idea of improving the security of fielded software in domains with critical security requirements through the development of a “building code” that might be used by customers, developers, and evaluators was first proposed in 2012 by Carl Landwehr.  The availability and use of such a code can enable the marketplace to reward producers of systems with stronger security properties.

Building Code for Power System Software Security

Both the attractiveness of power systems as targets of cyberattack and their vulnerability to remote attack via digital networks has been made clear by recent world events.  While policy makers seek means to deter such attacks politically, surely the most effective way to reduce their attractiveness as targets is to reduce their vulnerability to such attacks.  The results of the workshop presented here have the objective of reducing the vulnerability of future power systems to remote attacks that exploit vulnerabilities in the code – software or firmware – that controls their operation.

Read the full document here:


Building Code for Medical Device Software Security

The elements presented here aim to start builders of software for medical devices down the road toward a building code for software security that will reduce the vulnerability of their systems to malicious attacks. Created by a group of 40 volunteers with a wide range of backgrounds, including cybersecurity, programming languages, software engineering, medical device development, device standards, and medical device regulation.

Read the full document here: