Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)
April 23, 2020

A new NIST Cybersecurity White Paper has been published today: Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF). It recommends a core set of high-level secure software development practices—called a secure software development framework (SSDF)—to be added to each software development life cycle (SDLC) implementation.

The paper facilitates communications about secure software development practices amongst business owners, software developers, and cybersecurity professionals within an organization. Following these practices should help software producers reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences. Software consumers can reuse and adapt the practices in their software acquisition processes.

Created April 22, 2020, Updated June 22, 2020