Vulnerable to a SolarWinds-style attack?
Attackers, believed to be a Russian state-sponsored hacking group, accessed SolarWinds’ software development system and injected malicious code
21 May 2021
Get the latest cyber news and updates straight to your inbox.
If you sell or build software in the UK, you’ve just been handed a new benchmark to hit. The Department for Science, Innovation and Technology (DSIT) has introduced a new Software Security Code of Practice. It’s voluntary—for now—but if you’re a CTO, CISO or technical leader in a SaaS business, vendor firm, or IoT provider, it’s already showing up in audits and RFPs.
Watch our recent webinar, with additional downloads
It’s a new government-issued benchmark outlining what “good security” should look like for organisations that develop or distribute software in the UK. The goal: make software less vulnerable, by design.
It borrows from best practice frameworks like the EU Cyber Resilience Act and NCSC guidance, and it sets the bar across four domains:
UK businesses are increasingly reliant on SaaS, but many vendors don’t fully secure their development environments. Common weak points include:
Even if you’re “doing your best”, that may not meet the new bar. If you’re asked to demonstrate secure-by-design practices, can you?
Start with NCSC-backed frameworks. Ensure developers are trained, third-party components are reviewed, and security testing is part of every release.
Your dev pipeline should be monitored and access-controlled. Assume it’s a target.
Make it easy for users to report vulnerabilities. Communicate clearly on patching, support windows, and end-of-life timelines.
Whether it’s an auditor, client, or procurement team—be ready to show how your security practices align to these principles.
Complying with the Code isn’t just good hygiene—it’s becoming a market requirement. Boards and buyers are increasingly treating voluntary codes as de facto standards.
FoxTech can help. Our team audits secure development lifecycles, stress-tests your build pipeline, and helps embed cyber by design.
Take 60 seconds to start the Cyber Risk review
Attackers, believed to be a Russian state-sponsored hacking group, accessed SolarWinds’ software development system and injected malicious code
We live in a hyper-connected world and cyber threats are constantly evolving due to this connection. From highly targeted phishing attacks to sophisticated ransomware, today’s cyber attack tactics are becoming increasingly advanced and more difficult
Your organisation’s greatest security risk isn’t a shadowy hacker in a hoodie – it’s the well-meaning employee who shares passwords to meet a project deadline, uses Dropbox because the approved file-sharing system is too slow,
