The US Department of Commerce’s National Institute of Standards and Technology (NIST) has just published the latest version of its Secure Software Development Framework (SSDF) v1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities (nist.gov)
Xoomworks is proud to receive a public acknowledgement from the authors of the publication for its “particularly helpful feedback”, thanks to the contributions and input from its Information Security team Director Erhan Ince:
“After contributing to and providing feedback to the SSDF draft, along with peers from organisations like AWS, Microsoft, Google, IBM and the US Navy, I’m delighted to have received public recognition for helping to update a framework that will be hugely useful for software producers. It’s recognition too of the quality of our expertise at Xoomworks – which should give our clients and partners more confidence in our ability to produce well-secured software.”
The SSDF is a set of fundamental, sound, and secure software development practices drawn from established secure software development practice documents. By following SSDF practices, software producers can:
reduce the number of vulnerabilities in released software
reduce the potential impact of undetected vulnerabilities being exploited
address the root cause of vulnerabilities to prevent them from reoccurring
By creating a common language for describing secure software development practices, the SSDF is an important communication tool for procurement processes and management activities. It helps organisations align and prioritise their software development with their business needs, appetite for risk, and resources.
By comparing business outcomes to SSDF practices, organisations can see where there are gaps and implement a prioritised action plan.
The publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-218