Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Secure Software
Develop a companion resource to Secure Software Development Framework (SSDF) (EO Sec. 4.1(a)(i)(B))
On April 29, NIST released a draft Generative AI companion resource to NIST’s Secure Software Development Framework (SSDF). Comments are due by June 2. More information is available here.
NIST held a virtual workshop on Secure Development Practices for AI Models on January 17, 2024. This workshop supported the EO 14110 task for NIST to develop a companion resource to the NIST Secure Software Development Framework (SSDF). A livestream of the workshop can be viewed on NIST's website.
At a foundational level, AI systems are built and operate on software. It is critical that the software being developed is well-secured to:
- Reduce the number of vulnerabilities in released software;
- Mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities; and
- Address root causes of vulnerabilities to prevent future recurrences.
NIST will work with interagency collaborators – and seek feedback from the broader community through open and transparent processes – to develop a companion to NIST’s SSDF. That resource will incorporate secure development practices for generative AI and dual-use foundation models.