Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

White Paper (Draft)

Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)

Date Published: June 11, 2019
Comments Due: August 5, 2019 (public comment period is CLOSED)
Email Questions to:


Donna Dodson (NIST), Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)



secure software development; secure software development framework (SSDF); secure software development practices; software acquisition; software development; software development life cycle (SDLC); software security
Control Families

Access Control; Awareness and Training; Contingency Planning; Program Management; Personnel Security; System and Information Integrity


SSDF Draft

Supplemental Material:
None available

Document History:
06/11/19: White Paper (Draft)
04/23/20: White Paper (Final)