The NCSC's new Software Security Code of Practice emphasizes the need for developers to improve their secure design practices. Senior cybersecurity expert James Neilson describes it as a significant measure that encourages organizations to prioritize security in their software solutions over profit. The voluntary code sets a minimum standard, emphasizing that developers often lack security expertise. It contains 14 core principles focused on secure design to strengthen the overall software supply chain, ultimately enhancing resilience against security threats and ensuring accountability through designated senior leadership roles.
"This new code is a welcome move. It isn't just a checklist - it's a call to get serious about end-to-end security. A software supply chain is only as strong as its weakest link."
"Understandably, organizations will prioritize growth and profit rather than the security and resilience of their products and services."
"When the importance of cybersecurity is recognized, we know from research that software developers are not necessarily security experts..."
Collection
[
|
...
]