U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

White Paper

Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)

Date Published: April 23, 2020

Author(s)

Donna Dodson (NIST), Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)

Abstract

Keywords

secure software development; secure software development framework (SSDF); secure software development practices; software acquisition; software development; software development life cycle (SDLC); software security
Control Families

Access Control; Awareness and Training; Contingency Planning; Program Management; Personnel Security; System and Information Integrity

Documentation

Publication:
White Paper (DOI)

Supplemental Material:
Local Download (pdf)

Document History:
06/11/19: White Paper (Draft)
04/23/20: White Paper (Final)