The Canadian Centre for Cyber Security partnered with the UK’s National Cyber Security Centre (NCSC-UK) and the Department for Science, Innovation and Technology (DSIT) to release a joint Software Security Code of Practice and supporting guidance for software vendors.
This initiative addresses growing concern about software supply chain attacks and about vulnerabilities introduced by weak development or maintenance practices. The guidance sets baseline expectations for vendors so that the software they ship is more secure and more resilient.
The Guidance Includes Three Key Publications:
1. Software Security Code of Practice
Outlines 14 essential principles that establish a baseline for secure and resilient software. These principles fall under four key themes:
- Secure design and development
- Build environment security
- Secure deployment and maintenance
- Customer communication
2. Implementation Guidance
Provides practical advice for software developers and vendors on how to apply the 14 principles effectively in their workflows.
3. Assurance Principles and Claims
Helps organisations assess how well they meet the code’s expectations and offers recommendations for improvement.
The document containing the guidelines is below:
Source: Canadian Centre for Cyber Security, Government of Canada