Privacy & Information Security Law Blog

On September 8, 2017, the Federal Trade Commission published the eighth blog post in its “Stick with Security” series. As previously reported, the FTC will publish an entry every Friday for the next few months focusing on each of the 10 principles outlined in its Start with Security Guide for Businesses. This week’s post, entitled Stick with Security: Apply sound security practices when developing new products, outlines the importance of building security into product development from the start.

Measures companies can take to apply sound security practices when developing new products include:

• Training Engineers in Secure Coding: Create a work environment where staff are encouraged to build in security at every stage of product development, from the concept stage all the way until the product reaches the market and even after its release.
• Following Platform Guidelines for Security: Major platforms have guidelines for developers to assist in keeping sensitive data secure. Such advice should be taken into account during the design of new products.
• Verifying that Security Features Work: Building in security features is an important aspect of product development but, before the product is launched in the marketplace, companies should verify that its security features work (i.e., they are enabled and operating properly). Companies must also ensure any representations made to consumers about the nature of the product’s security are truthful and supported by proof.
• Testing for Common Vulnerabilities: Although there is no way to make a product 100% hack-proof, companies should test the product’s built in security defenses against known risks. In addition, companies should stay up to date on new security threats by following public discussions of researchers, technology experts, industry members and government agencies, and revise their product designs accordingly.

The guidance concludes with a key lesson for businesses: building security from the ground up is a cost-effective approach to innovation.

The FTC’s next blog post, to be published on Friday, September 15, will focus on ensuring your service providers implement reasonable security measures.

To read our previous posts documenting the series, see FTC Posts Seventh Blog in its “Stick with Security” Series, FTC Posts Sixth Blog in its “Stick with Security” Series, FTC Posts Fifth Blog in its “Stick with Security” Series, FTC Posts Fourth Blog in its “Stick with Security” Series, FTC Posts Third Blog in its “Stick with Security” Series, and FTC Posts Second Blog in its “Stick with Security” Series.