P-SSCRM Documentation

P.2.2 Secure coding

Control Details

Objective

Decrease the number of security vulnerabilities introduced during source code creation.

Definition

Follow secure coding standards and practices appropriate to the development languages, APIs, AI models, and environment. Examples include validating all inputs, encoding outputs, and avoiding unsafe functions. Use development environments and static analysis tools that support compliance with secure coding practices as source code is being implemented.

Assessment Questions

  1. What kind of secure coding practices are used?
  2. How are these practices communicated to developers and enforced?

Reference sources

  1. EO 4e(iv)
  2. SSDF PW.5.1
  3. SSDF-AI PW.5.1
  4. BSIMM SR3.3 CR1.4 CR3.5
  5. Self-attestation 4
  6. SAMM D-SA-1-A
  7. OSPS OSPS-GV-03