Software Engineering Institute

The Secure Coding Plan is intended to be used as a government-provided document that is part of the acquisition's government reference library. It is written to be customized by the acquisition organization to meet individual program needs. The information and methodologies dealing with implementing secure coding practices are continually evolving to meet the changing threats which arise on a daily basis. The requirements to support secure coding in acquisitions need to account for this and provide the flexibility to enable developers and testers to use current, best practices to support their efforts. 

The Secure Coding Plan is to provide a consistent, complete set of requirements with references to implement secure coding practices for acquisition organizations. The plan is designed to be tailored by individual acquisition organizations for use in their specific programs. The plan will identify ties to program CDRLs and milestones so that a better understanding of the effort required to support the implementation of secure coding practices can be evaluated and planned for by the contractors and the acquisition organizations. The Secure Coding Acquisition Approach slide set further refines the plan.