The workshop will share and discuss the approach that NIST is taking to support Section 4e of Executive Order 14028.
NIST has released the Draft Special Publication (SP) 800-218, Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities. The SSDF is a set of fundamental, sound practices for secure software development based on established standards and guidelines produced by various organizations. The SSDF directly addresses several practices that were called out in Section 4e. The SSDF also provides a starting point for discussing other practices that Section 4e specifies.
To support this discussion, NIST is soliciting input about the types of meaningful artifacts of secure software development that software producers can share publicly with software acquirers. This workshop will bring together experts with different viewpoints to share their insights on producing and sharing artifacts of secure software development tools and processes, as well as on attesting to following specific secure software development practices.