Draft White Paper: Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)

A draft white paper, "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)," is available for public comment until August 5, 2019.

NIST is releasing a Draft NIST Cybersecurity White Paper for public comment, "Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)." This white paper recommends a core set of high-level secure software development practices, called a secure software development framework (SSDF), to be added to each software development life cycle (SDLC) implementation.

The paper facilitates communications about secure software development practices amongst business owners, software developers, and cybersecurity professionals within an organization. Following these practices should help software producers reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences. Software consumers can reuse and adapt the practices in their software acquisition processes.

The public comment period ends August 5, 2019. See the document details for a copy of the document and instructions for submitting comments.

Released June 11, 2019, Updated June 12, 2019