Introduction

How this framework helps

Decision-makers in software delivery organisations often do not know what they should be doing to ensure the security of their products.

We created the Product Security Capability Framework to provide a clear way of thinking about software product security and the delivery activities that lead to building and maintaining the right level of security for your customers and your organisation.

This framework is designed to be the foundation of:

  • Your point-in-time appraisals of current security capability
  • The security policy defining how your organisation works to build secure products
  • Your strategic product security programme for continuous improvement

By doing these things, the framework "frames the work" of building the required security capabilities into your software delivery organisation.

If it matters for software product security, then it's a capability in the PSCF

That's a bold claim, but we're confident in making it due to how we've derived the capabilities in this framework. Check out the framework core concepts to find out more.
