On June 23, 2020, join BSA and SAFECode for a joint webinar “De-mystifying Secure Software Development: New Framework Delivers New Opportunities for Builders and Buyers” to learn about the SSDF and its practical applications.

Once seen as only tangential to cybersecurity planning, software security has recently emerged as a top priority for policymakers, businesses, and users around the world. As our collective understanding of cybersecurity has grown, we have come to recognize the central role secure design and development plays in protecting the software that powers our world. Unfortunately, software security discussions have long been hampered by inconsistent terminology, lack of clarity around best practices, and a sense that only the most technically inclined could ever really make sense of the process. A new software development framework from NIST is poised to change all that.

Much like it did with its Cybersecurity Framework, NIST has brought together what we have learned about software security over the past two decades and created a secure software development framework (SSDF) that can get us all talking from the same playbook. The framework builds on SAFECode’s publications on secure development best practices, the BSA Framework for Secure Software, and other industry contributions to deliver a core set of high-level secure software development practices that help ensure that software is secure by design. Software producers who follow these practices can reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to achieve continuous improvement of software security. Software consumers can use the framework to confidently build their security requirements and apply them as applicable to their software acquisition processes.

Please register here to join BSA and SAFECode along with government and industry panelists in a virtual roundtable discussion on Tuesday, June 23 from 11 AM to 1 PM to learn about the SSDF and hear about its practical applications for product developers, public and private sector customers, and the future of product certifications and labeling.

Questions about this session should be directed to BSA’s Tommy Ross or SAFECode’s Steve Lipner. To register for the event, please fill out the form here.

This event is being conducted with support from Venable, LLC, and registered participants will receive additional information on accessing the webinar from Venable in advance of the event.


11:00 a.m.: Welcome Remarks | Kevin Stine, NIST
11:05 a.m.: BSA’s Perspective | Tommy Ross, BSA
11:15 a.m.: SAFECode’s Perspective | Steve Lipner, SAFECode
11:25 a.m.: Introduction and Overview of the NIST Secure Software Development Framework | Karen Scarfone, NIST Associate
11:40 a.m.: Q&As | Tommy Ross, Karen Scarfone, Kevin Stine, and Steve Lipner
12:05 p.m.: Perspectives on Applying the SSDF Guiding Product Development: Valecia Maclin, Microsoft Supporting Private Sector software Acquisition: John Banghart, Venable Improving Government Acquisition: Melinda Reed, DoD Shaping Interoperability, Synergies, and Evaluation: Prokopios Drogkaris and Apostolos Malatras, ENISA
12:45 p.m.: Q&As | Valecia Maclin, John Banghart, Melinda Reed, Prokopios Drogkaris and Apostolos Malatras
12:55 p.m.: Closing Remarks | Tommy Ross, Kevin Stine, and Steve Lipner