Get the latest cyber news and updates straight to your inbox.
If you sell or build software in the UK, you’ve just been handed a new benchmark to hit. The Department for Science, Innovation and Technology (DSIT) has introduced a new Software Security Code of Practice. It’s voluntary—for now—but if you’re a CTO, CISO or technical leader in a SaaS business, vendor firm, or IoT provider, it’s already showing up in audits and RFPs.
Watch our recent webinar, with additional downloads
It’s a new government-issued benchmark outlining what “good security” should look like for organisations that develop or distribute software in the UK. The goal: make software less vulnerable, by design.
It borrows from best practice frameworks like the EU Cyber Resilience Act and NCSC guidance, and it sets the bar across four domains:
UK businesses are increasingly reliant on SaaS, but many vendors don’t fully secure their development environments. Common weak points include:
Even if you’re “doing your best”, that may not meet the new bar. If you’re asked to demonstrate secure-by-design practices, can you?
Start with NCSC-backed frameworks. Ensure developers are trained, third-party components are reviewed, and security testing is part of every release.
Your dev pipeline should be monitored and access-controlled. Assume it’s a target.
Make it easy for users to report vulnerabilities. Communicate clearly on patching, support windows, and end-of-life timelines.
Whether it’s an auditor, client, or procurement team—be ready to show how your security practices align to these principles.
Complying with the Code isn’t just good hygiene—it’s becoming a market requirement. Boards and buyers are increasingly treating voluntary codes as de facto standards.
FoxTech can help. Our team audits secure development lifecycles, stress-tests your build pipeline, and helps embed cyber by design.
Take 60 seconds to start the Cyber Risk review
We live in the digital era and with this in mind, cyber threats are no longer random or indiscriminate. They are growing everyday, becoming more precise, personalised and well-researched. One of the most dangerous cyber
Watch as Tommy explains what Ransomware is, the techniques attackers use and how you can avoid being a victim.
Vulnerability scanning is the use of specialist tools and expert analysis to identify any vulnerabilities or weaknesses in your IT system, which could open the door to hackers.
