Closed call for evidence

Code of Practice for Software Vendors: call for views

Summary

The government is asking for industry views on a draft code of practice for software vendors to improve the resilience and security of software.

This call for evidence ran from
to

Call for evidence description

Update: 2 August 2024

There is now a new version of this document available.

Please refer to the new document.

As part of the £2.6 billion National Cyber Strategy to protect and promote the UK online, the government is working to improve cyber resilience across the UK economy. This includes improving the resilience and security of software to strengthen digital supply chains.

Following the government’s call for views on software resilience and security for businesses and organisations, the government has undertaken extensive stakeholder engagement to develop a package of policy interventions. The interventions in this package are designed to prevent common mistakes in software development and distribution, and to improve information sharing between software vendors and their customers. Addressing these issues will reduce the likelihood and impact of software supply chain attacks and other incidents that continue to affect organisations across all sectors of our economy.

The government is now publishing a draft Code of Practice for Software Vendors. This voluntary code of practice sets out the fundamental security and resilience measures that should be expected of all organisations which develop or sell software used by businesses and other organisations. The Code of Practice aims to strengthen the foundations of the many kinds of digital technologies that all sectors of our economy rely on. 

This call for views seeks feedback on the proposed design of the Code of Practice for Software Vendors including input on how it should be implemented.

For more information, please read the press notice.

The government is also holding a call for views on AI cyber security which is linked to this call for views on software. Please visit the AI cyber security page for further details.

You can read more about how this Code of Practice for Software Vendors aligns with the Code of Practice for AI Cyber Security on the cyber security codes of practice page.

Documents

Updates to this page

Published 15 May 2024
Last updated 2 August 2024
  1. Clarifying that this call for views is still open and the government is keen to hear the views of respondents before the deadline, which has been extended to Friday 9 August.

  2. Link to the online survey added to Call for views on the Code of Practice for Software Vendors - chapter 6 (HTML attachment).

  3. The closing date for this call for views has been extended to Friday 9 August 2024.

  4. First published.
