Skip to main content

Al igual que muchos sitios web, los sitios web de BSA usan cookies para garantizar el funcionamiento eficiente de esos sitios web y brindar a nuestros usuarios la mejor experiencia posible. Puede obtener más información sobre cómo usamos las cookies y cómo puede cambiar la configuración de cookies de su navegador en nuestra declaración de cookies. Al continuar utilizando este sitio sin cambiar la configuración de las cookies, usted acepta el uso de cookies.


SEP 22, 2020 | GLOBAL

BSA Updates Framework for Secure Software to Better Address Cyber Threats

Improved framework offers timely guidance on securing global supply chain

WASHINGTON – September 22, 2020 – Software innovations are transforming the way we live and work. But insecure software carries the potential for unprecedented economic, legal, and physical risk. In fact, recent news from the FBI shows an increase in the number of complaints about cyberattacks, up to as many as 4,000 a day, or a 400% increase from pre-coronavirus levels. As the role of technology in every sector expands and emerging technologies like 5G become more widespread, software developers and governments face the challenge of how to secure software components in vast, complex supply chains. Stakeholders need clear and flexible guidance to secure the rapidly growing digital ecosystem.

BSA | The Software Alliance today released a new version of a key tool for improving the software supply chain, the BSA Framework for Secure Software. This updated framework includes crucial changes to strengthen criteria for securing software supply chains and better align with relevant guidance. Specifically, the new framework is fully mapped to the National Institute for Standards and Technology (NIST)’s Secure Software Development Framework (SSDF), providing software developers an accessible tool to implement the SSDF. Moreover, it incorporates more robust guidance on securing development environments to prevent supply chain attacks.

“As cyber threats grow, the software industry and policymakers must come together to protect the global software supply chain from malicious cyberattacks. This issue has never been more relevant – the Internet of Things is expected to grow to more than 200 billion devices by 2023, and these newly connected devices will pose a major security risk,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “BSA member companies are on the cutting edge of pioneering security-by-design principles that lead to stronger, more secure software products. The updated BSA Framework for Secure Software will help drive the adoption of those best practices across the entire industry. I look forward to BSA’s continued collaboration with software companies and policymakers as we work to build the trusted technologies of the future.”

Specifically, the Framework is intended to be used to help:

  1. Software development organizations describe the current state and target state of software security in individual software security products and services;
  2. Software development organizations identify opportunities for improvement in development and lifecycle management processes, and assess progress toward target states;
  3. Software developers, vendors, and customers communicate internally and externally about software security; and
  4. Software customers evaluate and compare the security of individual software products and services.

The Framework is intended to guide development lifecycles for all types of software, from installed programs to Software-as-a-Service, as well as all types of development processes, from waterfall to DevOps. The Framework is a living document and will continue to be updated and improved based on ongoing feedback and technical developments.

Find BSA’s updated Secure Software Development Framework here.


BSA | The Software Alliance (www.bsa.org) es el principal defensor de la industria global del software ante los gobiernos y en el mercado internacional. Sus miembros se encuentran entre las compañías más innovadoras del mundo, creando soluciones de software que impulsan la economía y mejoran la vida moderna.

Con sede central en Washington, DC y operaciones en más de 30 países, BSA es pionera en programas de cumplimiento normativo diseñados para fomentar el uso legal de software, y apoya políticas públicas que incentivan la innovación tecnológica e impulsan el crecimiento de la economía digital.


Anna Hughes

Telephone: 202-530-5177
Correo electrónico: annah@bsa.org

Riley McBride Smith

Telephone: 202-591-1125
Correo electrónico: Riley@allisonpr.com

For Media Inquiries

Correo electrónico: media@bsa.org


Anna Hughes

Telephone: 202-530-5177
Correo electrónico: annah@bsa.org


Christine Lynch

Correo electrónico: christinel@bsa.org


Anna Hughes

Telephone: 202-530-5177
Correo electrónico: annah@bsa.org