Strengthening Software Security – The UK’s New Code of Practice
07 May
In a significant move to bolster the UK’s digital resilience, the government has unveiled the Software Security Code of Practice. Launched on 7 May 2025 at CyberUK 2025, this initiative aims to set a consistent baseline for software security across the market.
Why It Matters
Software vulnerabilities have become prime targets for cyberattacks, threatening the integrity of digital supply chains and organisational operations. The Code addresses these concerns by outlining 14 principles that software vendors should implement, focusing on secure design, build environment security, deployment, maintenance, and effective communication with customers.
Key Principles of the Code
- Secure Design and Development: Ensuring that products are secure from the outset.
- Build Environment Security: Protecting the integrity of the software development environment.
- Secure Deployment and Maintenance: Maintaining security throughout the software’s lifecycle.
- Communication with Customers: Providing clear information to users to manage risks effectively.
Developed in collaboration with the National Cyber Security Centre (NCSC) and industry experts, the Code is a response to the growing need for robust cybersecurity measures in the software sector. It reflects the government’s commitment to enhancing digital resilience and protecting against software supply chain attacks.
Next Steps
While the Code is voluntary, the government plans to introduce an assurance regime to help vendors demonstrate compliance. Additionally, future legislation may be considered to enforce these practices more broadly.