Policy research report ‘Governance Approaches to the security of digital products’

The report provides an overview of public policies around the security of digital products. It summarizes the challenges that public policymakers are frequently facing in this context and the solutions that have been adopted. The report also elaborates how the relatively new policy area of digital product security can be distinguished from cybersecurity regulations around critical infrastructure protection and data security.

The report was commissioned by the Swiss Federal Department of Foreign Affairs in order to support the Geneva Dialogue. Interviews with public officials from seven different jurisdictions were conducted in order to achieve better insights into domestic policies. The report was prepared by the Center of Security Studies at ETH Zürich and presented at a Geneva Dialogue event dedicated to the security of digital products and their regulatory environment in September 2021.

Output report ‘Security of digital products and services: Reducing vulnerabilities and secure design: Good practices’

The report is a result of the industry partner inputs during the fourteen discussions of the Geneva Dialogue in 2020 (May-November 2020), and a number of written contributions submitted in that period. As part of the GD, partners agreed to focus on defining secure design and vulnerability management, as well as associated implementation practices.

Based on these discussions, this document sets out the definitions related to secure design that have been agreed upon by the partners and highlights some of the best practices that the partners are following. The document also emphasises the organisational and planning resources and processes needed to implement those best practices, and lists some of the key resources recommended by partners.

This document is primarily targeting those developing software, hardware, cloud, and system solutions – primarily companies, but other institutions and organisations as well. Best practices and certain challenges can also be useful to both regulators and customers to better understand the environment in which digital products are being developed and secured.