New Code of Practice to Improve Software Security

The Software Security Code of Practice, announced at CyberUK, helps organisations take the measures they need to embed security and resilience. The Code sets out essential steps that organisations developing or selling software should be taking to secure their products and reduce the likelihood and impact of software supply chain attacks and other software resilience incidents. These kinds of attacks and disruptions are caused by avoidable weaknesses in software development and maintenance practices.

The Code addresses those issues, having been co-designed with technical experts from the National Cyber Security Centre (NCSC) and industry.

For organisations using the Code, we have launched an evaluation survey so users can provide feedback. The survey is open until December 2026.