The government is asking for industry views on a draft code of practice for software vendors to improve the resilience and security of software.
As part of the £2.6 billion National Cyber Strategy to protect and promote the UK online, the government is working to improve cyber resilience across the UK economy. This includes improving the resilience and security of software to strengthen digital supply chains.
Following the government’s call for views on software resilience and security for businesses and organisations, the government has undertaken extensive stakeholder engagement to develop a package of policy interventions. The interventions in this package are designed to prevent common mistakes in software development and distribution, and to improve information sharing between software vendors and their customers. Addressing these issues will reduce the likelihood and impact of software supply chain attacks and other incidents that continue to affect organisations across all sectors of our economy.
The government is now publishing a draft Code of Practice for Software Vendors. This voluntary code of practice sets out the fundamental security and resilience measures that should be expected of all organisations which develop or sell software used by businesses and other organisations. The Code of Practice aims to strengthen the foundations of the many kinds of digital technologies that all sectors of our economy rely on.
This call for views seeks feedback on the proposed design of the Code of Practice for Software Vendors, including input on how it should be implemented.
Find out more here and respond to the consultation by 10th July 2024.