The European Union Agency For Cybersecurity (ENISA) has published a study introducing “good practices” for the Internet of Things (IoT) security, with a particular focus on software development guidelines.
ENISA has been working in this field since 2004. The study is mainly targeted at IoT software developers, integrators and platform and system engineers. Its aim is to serve as a point of reference for secure IoT development.
The report provides security considerations and guidelines for all phases of software development, beginning from requirements, software design and development/implementation, all the way to testing and acceptance, integration and deployment, as well as maintenance and disposal.
It underlines the need to consider end-to-end IoT security, not only focusing on smart devices, network protocols and communications, but also taking a step back and methodically integrating cybersecurity by design principles throughout the software development lifecycle.
Why ENISA came out with this report is that establishing secure development guidelines across the IoT ecosystem is a major problem for IoT security. By providing good practices on how to secure the IoT software development process, this study tackles one aspect for achieving security by design, a key recommendation that was highlighted in the ENISA Baseline Security Recommendations study which focused on the security of the IoT ecosystem from a horizontal point of view.
For the entire report, click here.
Image Credit: ENISA