DSIT launches Software Security Code of Practice Evaluation Survey

Help shape the future of software security — share your views in our Software Security Code of Practice survey

The Software Security Code of Practice was announced at CyberUK by the Department for Science, Innovation and Technology (DSIT) to help organisations strengthen the security and resilience of the software they develop, sell, or use. The Code supports software vendors and their customers in reducing the risks and impacts of software supply chain attacks, while also improving overall software resilience. These types of incidents often arise from avoidable weaknesses in software development and maintenance processes.

The Code has been co-sealed by the Canadian Centre for Cyber Security and developed in collaboration with the UK’s National Cyber Security Centre (NCSC), as well as experts from industry and academia. It forms part of the UK government’s wider cyber security strategy, complementing initiatives such as the Cyber Governance Code of Practice and the AI Cyber Security and Apps and App Stores Codes of Practice.

Structured around 14 principles grouped under 4 core themes, the Code sets out practical, essential steps that organisations should take to better protect their software products and services against evolving cyber threats.

To gather feedback and ensure the Code continues to meet the needs of those using it, a new evaluationsurvey has been launched for organisations and users to share their views and experiences. The survey will remain open until December 2026.