Get the latest cyber news and updates straight to your inbox.
If you sell or build software in the UK, you’ve just been handed a new benchmark to hit. The Department for Science, Innovation and Technology (DSIT) has introduced a new Software Security Code of Practice. It’s voluntary—for now—but if you’re a CTO, CISO or technical leader in a SaaS business, vendor firm, or IoT provider, it’s already showing up in audits and RFPs.
Watch our recent webinar, with additional downloads
It’s a new government-issued benchmark outlining what “good security” should look like for organisations that develop or distribute software in the UK. The goal: make software less vulnerable, by design.
It borrows from best practice frameworks like the EU Cyber Resilience Act and NCSC guidance, and it sets the bar across four domains:
UK businesses are increasingly reliant on SaaS, but many vendors don’t fully secure their development environments. Common weak points include:
Even if you’re “doing your best”, that may not meet the new bar. If you’re asked to demonstrate secure-by-design practices, can you?
Start with NCSC-backed frameworks. Ensure developers are trained, third-party components are reviewed, and security testing is part of every release.
Your dev pipeline should be monitored and access-controlled. Assume it’s a target.
Make it easy for users to report vulnerabilities. Communicate clearly on patching, support windows, and end-of-life timelines.
Whether it’s an auditor, client, or procurement team—be ready to show how your security practices align to these principles.
Complying with the Code isn’t just good hygiene—it’s becoming a market requirement. Boards and buyers are increasingly treating voluntary codes as de facto standards.
FoxTech can help. Our team audits secure development lifecycles, stress-tests your build pipeline, and helps embed cyber by design.
Take 60 seconds to start the Cyber Risk review
Keeping up to date with cybersecurity regulations is vital for businesses aiming to protect data, ensure legal compliance and nurture client trust. These regulations have been put in place to establish standards that help organisations
In today’s digital landscape, organisations rely on internet-facing systems to support their operations, from websites and email servers to cloud applications and remote access tools. However, these systems also represent prime targets for cybercriminals looking
MFA Fatigue The Shift to Phishing Resistant Authentication It’s long been widely known that in the real world passwords alone are not a great way to authenticate users. Some people pick simple passwords that can
