Subscribe to the blog

Sign up to receive updates & news direct to your inbox

Xoomworks recognised for contributing to Secure Software Development Standards

by | February 15, 2022

News update

The US Department of Commerce’s National Institute of Standards and Technology (NIST) has just published its latest Secure Software Development Framework v1.1 (SSDF): Recommendations for Mitigating the Risk of Software Vulnerabilities (

Xoomworks is proud to receive a public acknowledgement from the authors of the publication for its “particularly helpful feedback”, thanks to the contributions and input from its Information Security team Director Erhan Ince:

“After contributing to and providing feedback to the SSDF draft, along with peers from organisations like AWS, Microsoft, Google, IBM and the US Navy, I’m delighted to have received public recognition for helping to update a framework that will be hugely useful for software producers. It’s recognition too of the quality of our expertise at Xoomworks – which should give our clients and partners more confidence in our ability to produce well-secured software.”

The SSDF is a set of fundamental, sound, and secure software development practices based on established secure software development practice documents. By following SSDF practices, software producers can:

  • reduce the number of vulnerabilities in released software

  • reduce the potential impact of undetected vulnerabilities being exploited

  • address the root cause of vulnerabilities to prevent them from reoccurring

By creating a common language for describing secure software development practices, the SSDF is an important communication tool for procurement processes and management activities. It helps organisations align and prioritise their software development with their business needs, appetite for risk, and resources.

By comparing business outcomes to SSDF practices, organisations can see where there are gaps and implement a prioritised action plan.

The publication is available free of charge from: