

BSA Framework for Secure Software


Over the last several years, software-powered capabilities have expanded from traditional computers and industrial control systems into diverse personal devices, widely deployed sensors, smart appliances, connected vehicles, robotic systems, and beyond. These innovations are driving the creation of a new, connected digital economy and can yield tremendous economic and social benefits. Yet, because these technologies also have the potential to create economic, legal, and even physical risk, software developers must have the joint goals of building software securely and ensuring that it can be securely maintained throughout its lifecycle.

Software development organizations, their customers, and policymakers are increasingly seeking ways of assessing and encouraging security across the software lifecycle. While standards and guidelines exist to aid and inform developers in achieving these goals, there is no consolidated framework that brings together best practices in a detailed, holistic manner that can guide software security regardless of the development environment or the purpose of the software.

BSA | The Software Alliance has developed The BSA Framework for Secure Software to fill that gap.

Specifically, the Framework is intended to be used to help software development organizations: 

  1. Describe the current state of software security in individual software products.
  2. Describe the target state of software security in individual software products.
  3. Identify and prioritize opportunities for improvement in development and lifecycle management processes.
  4. Assess progress toward the target state.
  5. Communicate among internal and external stakeholders about software security and security risks.