UK unveils Software Security Ambassadors to push new code
The UK government has named 13 organisations as the country's first Software Security Ambassadors, as part of a push to increase adoption of a new Software Security Code of Practice.
The group includes Cisco, Sage, Lloyds Banking Group and Santander, alongside cybersecurity suppliers Palo Alto Networks and NCC Group. Professional bodies ISACA and ISC2 have also joined the scheme.
The Department for Science, Innovation and Technology said the ambassadors will work with government to promote the code in their sectors. The organisations will also provide operational input that will inform government policy on software security.
Code priorities
The Software Security Code of Practice sets out priorities for business leaders and software suppliers. These include secure design and development practices, regular maintenance of software products, and clearer communication with customers.
The government said the code focuses on software relied upon by businesses and organisations in day-to-day operations. It framed the initiative as part of a wider "secure by design" approach for technologies used by businesses and consumers.
DSIT also linked the work to other cyber policy measures. It cited the Product Security and Telecommunications Infrastructure Act. The department described the act as regulations that ban default and easily guessable passwords. It also cited increased transparency on the security protections of devices.
Ambassador scheme
The ambassador programme runs for a year. The participants will share examples and case studies on how organisations implement the code. They will also promote the code across their industries.
DSIT said the scheme will include engagement with government and parliamentarians. It also said the initiative follows the return of the Cyber Security and Resilience Bill to Parliament.
In a statement ahead of a launch event, Cyber Security Minister Liz Lloyd pointed to the breadth of organisations affected by software security issues.
"Whether it's a start-up, scale up, or a multinational, every business is dependent on software in its day-to-day operations. That reliance makes an attractive target for cyber criminals, so it's vital we work together to tackle threats head on and ensure the tools used by firms up and down the country are safe and secure from the moment they're used," said Cyber Security Minister Liz Lloyd.
"The Software Security Code of Practice gives clear, practical steps to embed strong protections from day one – across supply chains, boardrooms, and beyond. By working together to safeguard businesses, consumers, and workers, we're not just defending against risk – we're building the resilience that powers growth and renewal nationwide," added Lloyd.
Industry views
Sage said it sees a need for practical guidance that fits the realities of smaller firms. The company framed the code as a way to raise expectations for secure software across the market.
"Software security is essential for keeping businesses running and customers safe. By supporting the Software Security Code of Practice, we want to raise the standard for secure software, so that small and mid-sized businesses are better protected without needing specialist expertise," said Sage's Chief Information Security Officer, Gustavo Zeidan.
"Clear, consistent guidance shaped jointly by government and industry will strengthen standards across the market and supply chains," said Zeidan.
"To make it work in practice, the standards need to be built in conjunction with SMBs, tested in real workflows, and simple enough for a small team to apply without requiring specialist skills or complex set-up," added Zeidan.
Participants list
DSIT named the participating organisations as Cisco, Sage, Palo Alto Networks, Zaizi, Hexiosec, Nexor, Santander, Lloyds Banking Group, NCC Group, Accenture, ISACA, ISC2 and Salus Cyber.
The department said the ambassadors will now begin sharing implementation examples and promoting the Software Security Code of Practice within their sectors.