U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

White Paper

Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)

Date Published: April 23, 2020


Donna Dodson (NIST), Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)



secure software development; secure software development framework (SSDF); secure software development practices; software acquisition; software development; software development life cycle (SDLC); software security
Control Families

Access Control; Awareness and Training; Contingency Planning; Program Management; Personnel Security; System and Information Integrity


White Paper (DOI)

Supplemental Material:
Local Download (pdf)

Related NIST Publications:
SP 800-218 (Draft)

Document History:
06/11/19: White Paper (Draft)
04/23/20: White Paper (Final)