diff --git a/docs/Existing Guidelines for Developing and Distributing Secure Software.md b/docs/Existing Guidelines for Developing and Distributing Secure Software.md index 3225d013..1691ab11 100644 --- a/docs/Existing Guidelines for Developing and Distributing Secure Software.md +++ b/docs/Existing Guidelines for Developing and Distributing Secure Software.md 
@@ -10,7 +10,7 @@ Note that many materials are focused on specific situations that may not apply t If you’re just starting out trying to make first steps in security of an open source software project, have it try to get an [OpenSSF Best Practices Badge](https://www.bestpractices.dev/), take the OpenSSF Secure Software Development Fundamentals course [OpenSSF SSDF 2021](https://openssf.org/training/courses/), and work to improve their scorecard ranking. (Note: At the time of this writing, scorecard can only measure projects on GitHub, though we hope to fix that in the future.) -Note that [NIST 2020](https://csrc.nist.gov/publications/detail/white-paper/2020/04/23/mitigating-risk-of-software-vulnerabilities-with-ssdf/final) does a cross-examination of several materials and creates a set of best practices. +Note that [NIST 2022](https://csrc.nist.gov/pubs/sp/800/218/final) does a cross-examination of several materials and creates a set of best practices. - [BSA] Business Software Alliance (BSA), The [BSA Framework for Secure Software: A New Approach to Securing the Software Lifecycle: A consolidated framework for assessing and encouraging security across the software lifecycle](https://www.bsa.org/files/reports/bsa_software_security_framework_web_final.pdf), “intended to focus on software products (including Software-as-a-Service) by considering both the process by which a software development organization develops and manages software products and the security capabilities of those products. It is intended to complement, rather than replace, guidance for organizational risk management processes.” - [BSIMM] BSIMM, [Building Security In Maturity Model (BSIMM)](https://www.bsimm.com/): “A study of existing software security initiatives. 
By quantifying the practices of many different organizations, we can describe the common ground shared by many as well as the variations that make each unique.” This is less guidance and more a survey result, but it can be helpful to know what is common among the surveyed organizations.
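Review bot: The updated sentence changes the citation key from [NIST 2020] to [NIST 2022] and the link target from the 2020 white paper to SP 800-218 (final), but this hunk does not show a matching change to the reference list entry that the key resolves to (the list below uses bracketed keys such as [BSA] and [BSIMM]). Please confirm the entry for the old key is renamed to [NIST 2022] and its title and URL updated to the SP 800-218 publication, otherwise the inline key points at nothing and the list still cites the superseded white paper. Consider also stating in the entry that SP 800-218 is the SSDF publication that replaced the 2020 white paper, so readers following older references to [NIST 2020] can find it.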