Quad nations pledge to joint secure software principles

The Quad partners, comprising the United States, Japan, India, and Australia, announced a joint pledge to secure software principles to promote a culture where software security is prioritised and default practice, following the official press release by the Australian government.

The Quad countries aim to improve software security collectively by establishing minimum cybersecurity guidelines for governments in software development, procurement, and usage. Each Quad country plans to create policy frameworks aligned with international obligations and domestic laws to implement these guidelines. The Quad will engage with the software industry to promote secure practices and reduce vulnerabilities throughout the software lifecycle.

Additionally, the Quad partners will encourage self-attestation or third-party certification of secure software development practices by software producers and participation in national vulnerability disclosure programs. These efforts are aimed at enhancing software security and safeguarding the software supply chain.

This announcement comes after the USA called for stronger software security in its recent National Cybersecurity Strategy, which also includes a pillar for shifting liability for secure software products and services away from users to manufacturers. Earlier this year, the US Cybersecurity and Infrastructure Security Agency (CISA) also announced its plans to release the secure-by-design principles to encourage the adoption of safe coding practices, as a part of the Biden administration’s national cybersecurity strategy.