This post lists some secure software development frameworks.
You can read about IT security testing frameworks on this post.
You can read about penetration testing methodologies on this post.
Secure Development Frameworks
List of Secure Development Frameworks:
- Secure Software Development Framework (SSDF)
- Security Knowledge Framework (SKF)
- SEI CERT Coding Standards
- OpenSSF Secure Software Guiding Principles
Secure Software Development Framework (SSDF)
https://csrc.nist.gov/Projects/ssdf
Secure Software Development Framework (SSDF) is issued by NIST.
As of November 2022, the latest SSDF publication, SP 800-218 “Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities”, was published in March 2022.
Security Knowledge Framework (SKF)
https://securityknowledgeframework.org/
Security Knowledge Framework (SKF) is a working group within OpenSSF.
From 2020 to 2023, SKF was a working group within the Open Worldwide Application Security Project (OWASP), and it was known as OWASP-SKF. Since 2023 it has been a working group of the Open Source Security Foundation (OpenSSF).
Official OpenSSF-SKF code repository
SEI CERT Coding Standards
https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards
SEI CERT Coding Standards are developed by the CERT Coordination Center (CERT/CC).
CERT/CC belongs to the Software Engineering Institute (SEI), which is a non-profit United States federally funded research and development center. SEI is part of Carnegie Mellon University (CMU).
There are specific coding standards for C, C++, Java, Perl and Android.
OpenSSF Secure Software Guiding Principles
OpenSSF released in 2023 the 10 Secure Software Guiding Principles. They can be read on this external link.
You can read more about it on this external post.
You can read the Concise guide for developing more secure software, also from OpenSSF, on this external link.
You might also be interested in…
- Software Development Security
- IT Security Frameworks for Organizations
- IT Security Testing Frameworks
External references
- Robert C. Seacord, Robert Martin; “MITRE CWE and CERT Secure Coding Standards”; CISA
- INCIBE; “Desarrollo seguro”; INCIBE (Spanish)