惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 热门话题
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
K
Kaspersky official blog
Google Online Security Blog
Google Online Security Blog
Simon Willison's Weblog
Simon Willison's Weblog
Hacker News - Newest:
Hacker News - Newest: "LLM"
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Privacy International News Feed
D
Docker
Cisco Talos Blog
Cisco Talos Blog
Spread Privacy
Spread Privacy
Jina AI
Jina AI
Last Week in AI
Last Week in AI
The Last Watchdog
The Last Watchdog
WordPress大学
WordPress大学
Project Zero
Project Zero
小众软件
小众软件
V
V2EX
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
L
Lohrmann on Cybersecurity
T
Troy Hunt's Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
P
Privacy & Cybersecurity Law Blog
AWS News Blog
AWS News Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
W
WeLiveSecurity
V
Vulnerabilities – Threatpost
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
爱范儿
爱范儿
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Apple Machine Learning Research
Apple Machine Learning Research
月光博客
月光博客
博客园 - 三生石上(FineUI控件)
Cloudbric
Cloudbric
罗磊的独立博客
TaoSecurity Blog
TaoSecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Google DeepMind News
Google DeepMind News
雷峰网
雷峰网
IT之家
IT之家
A
Arctic Wolf
The Hacker News
The Hacker News
T
Tailwind CSS Blog
Know Your Adversary
Know Your Adversary
博客园 - 司徒正美
腾讯CDC
S
SegmentFault 最新的问题
P
Palo Alto Networks Blog
NISL@THU
NISL@THU

News and Events Feed by Topic

Securing AI Data Center: Architecture, Security Posture, and Emerging Standards New NCCoE Project: Asset Management and Visibility for Operational Technology (OT) Environments NIST Guidelines for Secure Remote Access in Water and Wastewater Systems NIST Workshop on Hardware CPE and CVSS Updates NCCoE Two-Pager Now Available: Effective OT Backup Management The Department of Commerce’s CHIPS Program Announces a Letter of Intent with Coherent for up to $50 Million to Expand Indium Phosphide Production Now Available: Practical Guidelines for Preventing and Mitigating Ransomware NIST NCCoE Genomic Data PETs Testbed & Dioptra Webinar NIST Mathematical Proof Supports Transition to a Continuous-Monitor-and-Update Security Model for AI Systems NCCoE Cybersecurity Connections Event: Accelerating the Adoption of Mobile Driver's Licenses NIST Expands AI Consortium’s Scope, Calls for New Members Now Available: NIST SP 1800-41, Responding to and Recovering from a Cyber Attack NCCoE Manufacturing Project Update NIST NCCoE Cyber AI Profile Virtual Working Session Series: Usability of the Profile Draft PNT Profile Updated to Align with NIST CSF 2.0 NIST NCCoE Cyber AI Profile Virtual Working Session Series: Extending the Technical Content CAISI Signs Agreements Regarding Frontier AI National Security Testing With Google DeepMind, Microsoft and xAI NIST NCCoE Cyber AI Profile Virtual Working Session Series: Updates to Profile Elements and Contents NICE Releases NICE Framework Components v2.2.0 Adoption of Mobile Driver’s Licenses for Financial Institutions Webinar NIST Updates NVD Operations to Address Record CVE Growth New Publication: Automation of the NIST Cryptographic Module Validation Program NIST Workshop on AI Incident Management Cybersecurity for IoT Workshop: Future Directions New Live Guidelines for Secure Software Development, Security, and Operations Practices Workshop on Blockchain and Distributed Ledger Technologies Improving the Nation’s Cybersecurity - an Open Forum NIST Guidelines on Implementing Mobile Driver’s Licenses for Financial Institutions NICE Webinar: Beyond Technical Skills - The Human Element of a Cyber Career Artificial Intelligence (AI) for Manufacturing Workshop Safeguarding Health Information: Building Assurance through HIPAA Security 2026 Workshop on Blockchain and Distributed Ledger Technologies 2026 Time and Frequency Seminar NCCoE Project Portfolio Webinar MLXN: Machine Learning for X-ray and Neutron Scattering Comment Now: Draft Guidelines on Data Classification Practices Technologies and Use Cases for Smart Standards NIST Allocates Over $3 Million to Small Businesses Advancing AI, Biotechnology, Semiconductors, Quantum and More Building the Strategic Supply Chain Network Iris Experts Group Annual Meeting New Concept Paper on Identity and Authority of Software Agents SUSHI@NIST: Rolling Next-Generation Secure Hardware into Standards Now Available! Transit Cybersecurity Framework Community Profile Now Available: NIST NCCoE Project Portfolio Cyber AI Workshop #2 NIST Launches Centers for AI in Manufacturing and Critical Infrastructure Apply on USAJobs: Open CAISI Position for an AI Research Scientist Securing Smart Speakers for Home Health Care: NIST Offers New Guidelines Just Published! Final NIST Telehealth Smart Home Integration Cybersecurity White Paper Draft NIST Guidelines Rethink Cybersecurity for the AI Era Comment & Save the Date Now! NIST Cyber AI Profile Preliminary Draft & Workshop Final NCCoE IoT Secure Onboarding Publications Now Available! Mobile Driver’s License Project Update Webinar NCCoE Cybersecurity Connections – Strengthening the Cybersecurity Workforce New Draft White Paper | PQC Migration: Mappings to Risk Framework Docs Now Available: NIST Final SP 1800-37, Addressing Visibility Challenges with TLS 1.3 NIST Awards More Than $3 Million to Support Cybersecurity Workforce Development Across 13 States Feedback Requested: NIST Cryptographic Module Validation Program White Paper New NIST NCCoE Mobile Drivers Licenses Project Resources Now Available! CSF 2.0 Webinar Series: Deep-Dive into the CSF 2.0 Govern Function to Improve Cybersecurity Final Publication Available: NIST IR 8523, Multi-Factor Authentication for Criminal Justice Information Systems Federal Investments in IoT Infrastructure Offer 10-20x Return, NIST Study Finds Final NIST IR 8349 Released: Characterize & Secure Your IoT Devices NIST Revises Security and Privacy Control Catalog to Improve Software Update and Patch Releases We Want Your Feedback! Developing a Transit Cybersecurity Framework Community Profile Advances in Automation of Quantum Dot Devices Control Empowering Future Innovators: NIST CTL Connects Cybersecurity Students with Real-World Research NIST Awards Over $1.8 Million to Small Businesses Advancing AI, Semiconductors, Additive Manufacturing and More NIST Researchers Demonstrate that Superconducting Neural Networks Can Learn on Their Own STPPA8: Special Topics on Privacy and Public Auditability — Event 8: Experimenting with Privacy-Enhancing Cryptography (PEC) Implementations NIST Finalizes ‘Lightweight Cryptography’ Standard to Protect Small Devices NIST Releases Test Tools to Accelerate Adoption of Emerging Route Leak Mitigation Standards Second Seminar on Building an In-Space Circular Economy Lessons Learned from the Consortium: Tool Use in Agent Systems
Secure Software Development Framework (SSDF) Version 1.2 is Available for Public Comment
2025-12-17 · via News and Events Feed by Topic

NIST has released the initial public draft of Special Publication (SP) 800-218r1 (Revision 1), Secure Software Development Framework (SSDF) Version 1.2: Recommendations for Mitigating the Risk of Software Vulnerabilities, per Executive Order 14306.

NIST has released the initial public draft of Special Publication (SP) 800-218r1 (Revision 1), Secure Software Development Framework (SSDF) Version 1.2: Recommendations for Mitigating the Risk of Software Vulnerabilities, per Executive Order 14306. This document describes new and improved practices, tasks, and examples for the secure and reliable development, delivery, and improvement of software.                           

Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software development practices usually need to be added to each SDLC model. SP 800-218 recommends the Secure Software Development Framework (SSDF), which is a core set of high-level secure software development practices that can be integrated into each SDLC implementation. Following such practices should help software producers reduce the number of vulnerabilities in released software, mitigate the potential impacts of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences. Because the framework provides a common vocabulary for secure software development, software acquirers can also use it to foster communications with suppliers in acquisition processes and other management activities. 

The public comment period is open through January 30, 2026. See the publication details for a copy of the draft and instructions for submitting comments. 

Released December 17, 2025, Updated December 18, 2025