Thursday 11 September 2025, 11am-12noon (BST)

The UK Government is working to improve cyber resilience across the economy and ensure organisations have the tools and support to protect themselves against cyber threats. As part of this work, it launched the Software Security Code of Practice in May 2025 to set out clear expectations for what good software security looks like.

This Code is the product of extensive engagement and has been co-designed with technical experts at the National Cyber Security Centre (NCSC) and a group of industry and academic experts. It has also been refined using feedback from a public call for views undertaken in 2024.

The Software Security Code of Practice is designed to support software vendors and their customers in reducing the likelihood and impact of software supply chain attacks and other software resilience incidents. It consists of 14 principles that software vendors are expected to implement to establish a consistent baseline of software security and resilience across the market.  

In this webinar, we were joined by officials from the Department for Science, Innovation and Technology (DSIT), making it a fantastic opportunity to hear about the key elements of the new code directly from DSIT.

 

Please note that this session was not recorded and could only be joined live.

 

Guest chaired by

John Scott (info), Managing Director, Wildpark Security Consultancy

 

Presented by

Alessandro Colasanti (info), Senior Policy Advisor, Department for Science, Innovation and Technology (DSIT)
Lorna Kirkby (info), Head of Software Security Policy, Department for Science, Innovation and Technology (DSIT)

 

Please see below NCSC resources that were referred to during the presentation

Software Security Code of Practice – Implementation Guidance – NCSC.GOV.UK

Software Security Code of Practice – Assurance Principles… – NCSC.GOV.UK

https://www.ncsc.gov.uk/files/pba-self-assessment-template.docx