New code to strengthen UK cyber resilience
A new voluntary Software Security Code of Practice has been launched to improve the security and resilience of software used by businesses and organisations across the UK.
Unveiled at the CyberUK 2025 event on 7 May 2025, the Code sets out 14 principles for software vendors to help reduce the risk and impact of software supply chain attacks and other resilience issues.
Such attacks and resilience issues often stem from avoidable weaknesses in development and maintenance practices, as well as poor communication between vendors and customers.
The Code was developed jointly by the Department for Science, Innovation and Technology (DSIT) and the National Cyber Security Centre (NCSC), with input from industry, academia, and the public through a consultation held between May and August 2024. It has been co-sealed by the Canadian Centre for Cyber Security.
Read the new Software Security Code of Practice.
DSIT and NCSC have written a joint blog explaining software security and the need for technology to be ‘secure by design’. The NCSC has also provided further details on the Code for developers, vendors and consumers.
First published 14 May 2025