CISA and Partners Release Call to Action to Close the National Software Understanding Gap

Today, CISA—in partnership with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA)—published Closing the Software Understanding Gap. This report urgently implores the U.S. government to take decisive and coordinated action.

 Software understanding refers to assessing software-controlled systems across all conditions. Mission owners and operators often lack adequate capabilities for software understanding because technology manufacturers build software that greatly outstrips the ability to understand it. This gap, along with the lack of secure by design software being created by technology manufacturers, can lead to the exploitation of software vulnerabilities.

 The U.S. government has engaged in activities that have paved the way toward improving software understanding, including research investments, mission agency initiatives, and policy actions. This report further explores the opportunity for enhanced coordination to strengthen technical foundations and progress towards a more vigorous understanding of software on a national scale. To learn more about development practices and principles that build cybersecurity into the design and manufacture of technology products, visit CISA’s Secure by Design webpage.