Innovative software technologies are driving the creation of a new, connected digital economy and can yield tremendous economic and social benefits. Because these technologies also have the potential to create economic, legal, and even physical risk, software development organizations, their customers, and policymakers are increasingly seeking ways of assessing and encouraging security across the software lifecycle. While standards and guidelines exist to aid and inform developers in achieving these goals, there is no consolidated framework that brings together best practices in a detailed, holistic manner that can guide software security regardless of the development environment or the purpose of the software.

BSA | The Software Alliance has developed The BSA Framework for Secure Software to fill that gap. The Framework offers an outcome-focused, standards-based risk management tool to help stakeholders in the software industry – developers, vendors, customers, policymakers, and others – communicate and evaluate security outcomes associated with specific software products and services. Notably, Version 1.1 of the Framework fully maps to the U.S. National Institute for Standards and Technology (NIST) “Secure Software Development Framework,” providing organizations a convenient tool to demonstrate their alignment with this NIST guidance.

Specifically, the Framework is intended to be used to:

1. help software development organizations describe the current state and target state of software security in individual software security products and services.
2. help software development organizations identify opportunities for improvement in development and lifecycle management processes, and assess progress toward target states.
3. help software developers, vendors, and customers communicate internally and externally about software security; and
4. help software customers evaluable and compare the security of individual software products and services.