Draft:NIST Secure Software Development Framework

Submission declined on 2 December 2024 by Ibjaja055 (talk).

This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources.

If you would like to continue working on the submission, click on the "Edit" tab at the top of the window.
If you have not resolved the issues listed above, your draft will be declined again and potentially deleted.
If you need extra help, please ask us a question at the AfC Help Desk or get live help from experienced editors.
Please do not remove reviewer comments or this notice until the submission is accepted.

Where to get help

If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews.
If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed.

How to improve a draft

Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia.
Help:Wikitext – how to use the markup
Help:Referencing for beginners – how to include references
Wikipedia:Article development – how to develop your article
Wikipedia:Writing better articles – how to improve your article
Wikipedia:Verifiability – make sure your article includes reliable third-party sources

You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article.

Improving your odds of a speedy review

To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags.

Add tags to your draft

Editor resources

Easy tools: Citation bot (help) | Advanced: Fix bare URLs

Declined by Ibjaja055 9 days ago. Last edited by 65.246.13.11 4 days ago. Reviewer: Inform author.

Resubmit

Please note that if the issues are not fixed, the draft will be declined again.

SSDF was developed by NIST based on US Presidential Executive Order 14028 Section 4 (dated May 12, 2021)^[1]. It provides a framework for securely developing software in the wake of software supply chain attacks and the prevalent use of open source software and third-party libraries. A major concept that was made popular by SSDF was the software bill of materials (SBOM) and the need for documenting the provenance (origin and history) of all software used in a system.

The first version of SSDF (NIST SP 800-218) was published in Feb 2022.

In general, any software that ends up being in a system sold to a US federal agency, must have an SSDF self-attestation form submitted by the developer.

References

^ Loehr, Tony (2021-12-13). "Executive Order 14028: NIST SSDF Explained". Cycode. Retrieved 2024-12-07.

[1] Loehr, Tony (2021-12-13). "Executive Order 14028: NIST SSDF Explained". Cycode. Retrieved 2024-12-07.

[1]