CIS and SAFECode update software security guide with AI guidance
CIS and SAFECode released Secure by Design v1.1 on July 15, 2026, updating their guide for assessing software security practices. The new version adds AI-specific guidance, refreshed policy references and stronger evidence-based assessment resources as secure development expectations rise.
Why it matters: - Software teams, buyers and assessors need a common way to judge whether secure development practices are actually being used. - The updated guide is designed to push organizations beyond compliance checklists and toward measurable security outcomes. - AI is now part of the software development workflow, so secure development guidance has to cover AI-assisted coding, testing and remediation.
What happened: - CIS and SAFECode released Secure by Design v1.1: A Guide to Assessing Software Security Practices on July 15, 2026. - The updated guide is built to help software developers, customers and assessors evaluate and improve software security practices. - The guide is based on the National Institute of Standards and Technology Secure Software Development Framework. - The guide maps practices to CIS Critical Security Controls, SAFECode Development Groups, organizational roles and development artifacts.
The details: - Version 1.1 expands coverage of artificial intelligence in secure software development. - The update adds guidance on AI-assisted software development, AI-enabled threat modeling, AI-driven vulnerability discovery and remediation, and applications that incorporate AI systems. - The guide says AI-generated code should go through the same testing, review and validation as human-written software. - The update also refreshes references to evolving cybersecurity policies and initiatives. - The guide strengthens assessment resources so organizations can demonstrate Secure by Design adoption with measurable evidence. - The six foundational Secure by Design considerations remain: Secure Software Design, Secure Development, Secure Default Configuration, Supply Chain Security, Code Integrity and Vulnerability Remediation. - The guide is intended for software development organizations, software acquirers, government agencies, industry assessors and policymakers. - The guide emphasizes evidence-based assessment and continuous improvement. - CIS and SAFECode say the updated guidance helps organizations demonstrate security maturity and compliance. - The release reflects ongoing developments in CISA's Secure by Design initiative, evolving NIST software security activities and the European Union's Cyber Resilience Act.
Between the lines: - The update signals that secure software guidance is shifting from static best practices toward proof-based evaluation. - The explicit AI language suggests the organizations want secure development standards to keep pace with how code is now being written and analyzed. - The focus on evidence and artifacts points to growing pressure from customers, regulators and assessors for auditable security practices.
What's next: - CIS and SAFECode are making media interviews available about Secure by Design v1.1 at media@cisecurity.org. - More information about the partnership and the guides is available at the organizations' website. - The guide is likely to be used by organizations updating secure development programs in response to changing policy and AI-related risks.
The bottom line: - Secure by Design v1.1 turns updated policy and AI realities into a more practical framework for measuring software security.
Disclaimer: This article was produced by AGP Wire with the assistance of artificial intelligence based on original source content and has been refined to improve clarity, structure, and readability. This content is provided on an “as is” basis. While care has been taken in its preparation, it may contain inaccuracies or omissions, and readers should consult the original source and independently verify key information where appropriate. This content is for informational purposes only and does not constitute legal, financial, investment, or other professional advice.
Sign up for:
EU Politics Today
The daily local news briefing you can trust. Every day. Subscribe now.
Check Your Email!
We sent a one-time activation link to: .
Confirm it's you by clicking the email link.
If the email is not in your inbox, check spam or try again.
Welcome back!
is already signed up. Check your inbox for updates.