The Software Security Code of Practice—a voluntary framework for technology providers designed to enhance software security and resilience by ensuring organisations ‘bake’ security into software from the start—was officially launched today, accompanied by comprehensive implementation guidance.
The code, created by DSIT and the National Cyber Security Centre (NCSC) and co-sealed by the Canadian Centre for Cyber Security (CCCS), is composed of 14 principles that software vendors are expected to implement, providing guidance on secure design, development, deployment, and maintenance.
Chris Anley, Chief Scientist at NCC Group and member of the UK Government’s Software Vendor Code of Practice Co-design Group, said:
“With the volume of ransomware attacks breaking records in 2024, this is a critical point in time for businesses to put cyber security front and centre. To help software organisations on their path to cyber confidence, the NCSC’s new Software Security Code of Practice sets out achievable, but crucial, security principles.
“Cyber security is no longer a nice-to-have, it is a necessity. But not everyone has the equipment to know where to start. Having a minimum set of expectations enables organisations to prevent vulnerabilities. When combined with robust legal frameworks, guidelines like the Code will put organisations in the right place to build water-tight security systems.
“With the world growing ever more digitally connected, attackers aren’t giving businesses leeway for cyber practices to be a second thought. If not secure, supplier networks pose a risk, but the new Code will help put customers at ease over their third-party suppliers’ security.
“To ensure systems are ‘secure by design’, the Code will be a valuable handbook which can be strengthened over time.”
Contact
NCC Group Press Office
All media enquiries relating to NCC Group plc.