Germany is known for its strict regulations regarding data protection and IT security especially in public sector. More and more sensitive data between citizens and public authorities is being transmitted over the internet and processed by web applications. Often this software is developed by third parties and contains severe security vulnerabilities.
The “Bundesamt für Sicherheit in der Informationstechnik” (abbr. BSI, engl. Federal Office for Information Security, www.bsi.bund.de/EN/) is the national security agency in Germany with the goal to promote IT security. The BSI and SEC Consult have developed together new guidelines on how to securely develop software for German public authorities to ensure data protection and information security in general in software products. The guidelines have following aims:
- Support for procurement of secure web applications for public authorities in Germany
- Support for vendors and custom software providers to deliver secure web applications for public authorities in Germany
Despite the fact that the guidelines have been developed for German public authorities, they can be used for any other company or organization in and outside of Germany.
The guidelines consider different perspectives, but focus on the same goal – to improve the software security of web applications.
- The first guideline „Guideline for the development of secure web applications – recommendations and requirements for contractors“ (in German: „Leitfaden zur Entwicklung sicherer Webanwendungen – Empfehlungen und Anforderungen an die Auftragnehmer”) gives advice for the software development process and the implementation for contractors developing software for the German government.
- The second guideline „Guideline for the development of secure web applications – recommendations and requirements for contracting entities in government“ (in German: “Leitfaden zur Entwicklung sicherer Webanwendungen – Empfehlungen und Anforderungen an Auftraggeber aus der öffentlichen Verwaltung”) supports public authorities to check that the applications security requirements for secure web applications.
The BSI guideline for the development and procurement of secure web applications can be downloaded free from the BSI website (only in German!):