The Inner Circle

Expand all | Collapse all

NIST SP 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities.

Jump to Best Answer
  • 1.  NIST SP 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities.

    Posted 27 days ago
      |   view attached
    Hi All,

    NIST just published for Comment | NIST's Secure Software Development Framework (SSDF) Version 1.1

    NIST is seeking comments by November 5, 2021, on a new draft document, NIST Special Publication (SP) 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. NIST used inputs from the public and its June 2021 workshop to shape SSDF version 1.1 in support of NIST's responsibilities under Executive Order (EO) 14028.

    Draft SP 800-218 recommends a set of high-level secure software development practices called the SSDF that can be used for all software development. Following these practices helps software producers ensure that the software they develop is well secured. Draft SP 800-218 also maps EO 14028 clauses to the SSDF practices and tasks that help address each clause. Additionally, the SSDF provides a common secure software development vocabulary for software purchasers and consumers.



    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------


  • 2.  RE: NIST SP 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities.

    Posted 25 days ago
    hi Michael Roza,
    the documents has good approach towards security and secure development but since peoples / organizations can approach verity of material on just one click and almost every site they got the same input a little bit more or less information for a same product. what i was thinking and also working on it to prepare a integrated security frame work which help organization as one window. what is your say on this....?

    ------------------------------
    Anwer Gillani
    Systems limited
    Systems limited
    ------------------------------



  • 3.  RE: NIST SP 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities.
    Best Answer

    Posted 25 days ago

    Hi,

    Sounds like a great idea.

    I recommend you select a working group such as DevSecOps and present your ideas and work to get some in-depth input.

    Best regards,