The May 12th Executive Order on Improving the Nation’s Cybersecurity directed our friends at NIST to publish guidelines on vendors’ source code testing. As a result NIST recently published Guidelines on Minimum Standards for Developer Verification of Software. An excellent resource for organizations that develop software in-house, it is also useful for organizations that want to practice due care when evaluating the security practices of potential software vendors.

“No single software security verification standard can encompass all types of software and be both specific and prescriptive while supporting efficient and effective verification. Thus, this document recommends guidelines for software producers to use in creating their own processes. To be most effective, the process must be very specific and tailored to the software products, technology (e.g., language and platform), toolchain, and development lifecycle model.” — Guidelines on Minimum Standards for Developer Verification of Software

Learn More:

Our offering:
Our goal is to put you in command of your world by providing you with Insight that informs, Insight that empowers, Automation that quantifies and provides answers real-time and Knowledge that supports and enables compliance. Contact us for more information at