CIS, SAFECode Launch Secure by Design Guide to Help Developers Meet National Software Security Expectations


EAST GREENBUSH, N.Y., & WAKEFIELD, Mass.--(BUSINESS WIRE)--Oct 23, 2025--

The Center for Internet Security, Inc. (CIS®) and the Software Assurance Forum for Excellence in Code (SAFECode) have released a joint white paper, Secure by Design: A Guide to Assessing Software Security Practices, to help software development organizations meet growing national and international expectations for secure software.

The publication addresses a long-standing gap in cybersecurity: the lack of practical, evaluable, and aligned guidance for building software that is secure by design. It offers actionable steps for developers, end users, and government bodies to assess and improve software security practices across six key areas: secure software design, secure development, secure default configuration, supply chain security, code integrity, and vulnerability remediation.

“Secure by Design is more than a slogan; it’s a responsibility,” said Curtis Dukes, Executive Vice President and General Manager of Security Best Practices at CIS. “This guide gives developers and organizations a clear path to implement secure software practices that are both effective and adaptable across different environments.”

The guide builds on NIST’s Secure Software Development Framework (SSDF) and incorporates SAFECode’s Development Groups (DGs) model to tailor recommendations to organizations of varying maturity levels. It also maps practices to the CIS Critical Security Controls® (CIS Controls®) and identifies responsible roles and artifacts to demonstrate compliance. The paper includes a dedicated section on the security implications of artificial intelligence and machine learning (AI/ML), offering insights into emerging risks and considerations.

“By combining the strengths of CIS, SAFECode, and a community of experts, we’ve created a resource that helps developers move from principles to practice,” said Steve Lipner, Executive Director of SAFECode. “This guide supports risk-based decision-making and helps organizations meet the expectations of initiatives like CISA’s Secure by Design and the EU Cyber Resilience Act.”

The guide responds to the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) Secure by Design initiative and supports the mandates related to software security that are outlined in Executive Order 14306, SUSTAINING SELECT EFFORTS TO STRENGTHEN THE NATION’S CYBERSECURITY AND AMENDING EXECUTIVE ORDER 13694 AND EXECUTIVE ORDER 14144, and the relevant portions of Executive Order 14028.

Organizations adopting the practices outlined in the guide may also benefit from existing State safe harbor provisions and compliance frameworks that recognize the use of CIS Controls and NIST SSDF. The guide reinforces the shared responsibility of software developers to deliver secure systems and empowers end users to evaluate software security with confidence.

To arrange an interview with CIS or SAFECode regarding Secure by Design: A Guide to Assessing Software Security Practices, contact [email protected].

About CIS:

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously refine these standards to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities. To learn more, visit CISecurity.org or follow us on X: @CISecurity.

About SAFECode:

The Software Assurance Forum for Excellence in Code (SAFECode) is a nonprofit organization dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode brings together leading software companies to share best practices and develop guidance that helps organizations improve the security and integrity of their software. Learn more at safecode.org.

View source version on businesswire.com: https://www.businesswire.com/news/home/20251023098398/en/

CONTACT: Carol Fusaro

[email protected]

KEYWORD: NEW YORK MASSACHUSETTS UNITED STATES NORTH AMERICA

INDUSTRY KEYWORD: DATA MANAGEMENT SECURITY TECHNOLOGY OTHER TECHNOLOGY SOFTWARE INTERNET HARDWARE

SOURCE: SAFECode

Copyright Business Wire 2025.

PUB: 10/23/2025 09:00 AM/DISC: 10/23/2025 09:00 AM
