released a Draft NIST
Cybersecurity White Paper for public comment, Mitigating the Risk of Software
Vulnerabilities by Adopting a Secure Software Development Framework (SSDF).
This white paper recommends a core set of high-level secure software development
practices, called a secure software development framework (SSDF), to be added
to each software development life cycle (SDLC) implementation.
The paper facilitates communications about secure software development
practices amongst business
owners, software developers, and cybersecurity professionals within an
organization. Following these practices should help software producers reduce
the number of vulnerabilities in released software, mitigate the potential
impact of the exploitation of undetected or unaddressed vulnerabilities, and
address the root causes of vulnerabilities to prevent future recurrences.
Software consumers can reuse and adapt the practices in their software

The public comment period ends August 5, 2019. See the publication details link
for a copy of the document and instructions for submitting comments.