NIST software framework aims to provide ‘risk-based approach’ to manage security risks for developers

The National Institute of Standards and Technology has developed a software framework with a core set of high-level security practices that organizations and developers can follow throughout the software lifecycle, detailed in a paper touted by software makers.

The white paper, “Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework,” outlines four practice groups on Prepare the Organization, Protect the Software, Produce Well-Secured Software and Respond to Vulnerabilities. Each of the practices has a task...