Secure Software Development Frameworks

This post lists some secure software development frameworks.

Secure Development Frameworks

List of Secure Development Frameworks:

• Secure Software Development Framework (SSDF)
• OWASP Security Knowledge Framework (OWASP-SKF)
• SEI CERT Coding Standards

Secure Software Development Framework (SSDF)

https://csrc.nist.gov/Projects/ssdf

Secue Software Development Framework (SSDF) is issued by NIST.

As of November 2022, the latest SSDF publication SP 800-218 “Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities” was published on March 2022.

OWASP Security Knowledge Framework (OWASP-SKF)

https://owasp.org/www-project-security-knowledge-framework/

OWASP Security Knowledge Framework (OWASP-SKF) is issued by OWASP.

There is also a OWASP Testing Framework.

SEI CERT Coding Standards

https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards

SEI CERT Coding Standards are developed by the CERT Coordination Center (CERT/CC).

CERT/CC belongs to the Software Engineering Institute (SEI), that is a non-profit United States federally funded research and development center. SEI belongs to the Carnegie Mellon University (CMU).

There are specific coding standards for C, C++, Java, Perl and Android.

You might also be interested in…

• IT Security Frameworks for Organizations
• IT Security Testing Frameworks

External references

• Robert C. Seacord Robert Martin; “MITRE CWE and CERT Secure Coding Standards“; CISA