United States Government Publishing Office publisher pbl distributor dst United States Commerce Department National Institute of Standards and Technology (NIST) author aut Government Organization Souppaya, Murugiah. author aut text government publication eng GOVPUB Executive Agency Publications executive 2023-10-27 Commerce Department 2022-02-03 monographic deposited born digital 36 digital object pages C 13. https://www.govinfo.gov/app/details/GOVPUB-C13-2ea4989e5dc4ac2e4a07a44d2e5c075d P0b002ee1c1bb313e on1389890250 (OCoLC)1389890250 DGPO 2023-10-27 2026-06-27 GOVPUB-C13-2ea4989e5dc4ac2e4a07a44d2e5c075d machine generated eng fdlp C13 GOVPUB-C13-2ea4989e5dc4ac2e4a07a44d2e5c075d 2ea4989e5dc4ac2e4a07a44d2e5c075d GOVPUB NIST Special Publications NOTE: THE “DATE ISSUED” ABOVE MAY DEFAULT TO JANUARY 1ST OF A GIVEN YEAR. TO THE VIEW THE MOST ACCURATE DATE OF ISSUE, REVIEW THE TITLE PAGE OF THE PUBLICATION. This series includes proceedings of conferences sponsored by NIST, NIST annual reports, and other special publications appropriate to this grouping such as wall charts, pocket cards, and bibliographies. National Institute of Standards and Technology Commerce Department. National Institute of Standards and Technology. 2022 2022-02-03 https://www.govinfo.gov/app/details/GOVPUB-C13-2ea4989e5dc4ac2e4a07a44d2e5c075d https://www.govinfo.gov/content/pkg/GOVPUB-C13-2ea4989e5dc4ac2e4a07a44d2e5c075d/pdf/GOVPUB-C13-2ea4989e5dc4ac2e4a07a44d2e5c075d.pdf Recommendations for Mitigating the Risk of Software Vulnerabilities Acquisition of computer software Computer security--Software Computer software--Development Secure software development Secure Software Development Framework (SSDF), Secure software development practices Software development life cycle (SDLC) Software security Souppaya, Murugiah. creator Souppaya, Murugiah. Scarfone, Karen. Dodson, Donna. National Institute of Standards and Technology (U.S.) Information Technology Laboratory mdu U.S. Dept. of Commerce, National Institute of Standards and Technology 2022-02-03. monographic 1 online resource (36 pages) : illustrations (color) text technical report eng Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model to ensure that the software being developed is well-secured. This document recommends the Secure Software Development Framework (SSDF) a core set of high-level secure software development practices that can be integrated into each SDLC implementation. Following such practices should help software producers reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences. Because the framework provides a common vocabulary for secure software development, software acquirers can also use it to foster communications with suppliers in acquisition processes and other management activities. Murugiah Souppaya; Karen Scarfone; Donna Dodson. February 2022. Title from PDF title page (viewed January 4, 2023). Includes bibliographical references. Approved by the NIST Editorial Review Board on 2022-01-31 Mode of access: World Wide Web. Systems requirements: Adobe Acrobat PDF reader. Acquisition of computer software Computer software--Development Computer security--Software Secure software development Secure Software Development Framework (SSDF), Secure software development practices Software development life cycle (SDLC) Software security https://doi.org/10.6028/NIST.SP.800-218 recommendations for mitigating the risk of software vulnerabilities recommendations for mitigating the risk of software vulnerabilities