#Japan #Tokyo #Secure Software #SSDF #Software Association

Launch of Japanese Translation of the Secure Software Development Framework (SSDF)

Introduction

The Software Association of Japan (SAJ), headquartered in Minato, Tokyo, is proud to announce the release of the Japanese translation of the "NIST Special Publication 800-218: Secure Software Development Framework (SSDF) Version 1.1." This crucial document has been translated with the official permission of the U.S. National Institute of Standards and Technology (NIST). The translation serves as a compliant version that could potentially be recognized as the official translation on the NIST resource site in the future.

What is SSDF?

The SSDF provides a systematic framework that articulates fundamental and robust practices essential for secure software development. It encompasses the entire development process and addresses a variety of stakeholders, including:

- Software Developers: It offers practical guidelines for developers to write secure code and discover vulnerabilities early in the development cycle.

- Software Acquirers (Purchasers): For those involved in the procurement of software, it acts as a common language to clarify security requirements and facilitate smoother communication with suppliers.

- Product Managers: The framework equips product managers with the tools to oversee security risks throughout the development project and implement appropriate measures.

- Security Personnel: It serves as a reference for those establishing security standards across organizations and conducting training or audits for development teams.

- Executive Management: The SSDF provides strategic guidelines to enhance organization-wide awareness of security and strengthen risk management practices.

Global Relevance

The SSDF framework is universally recognized and is actively utilized to promote the secure development and supply of software, not just in the U.S. but also around the world. Since 2022, the focus on strengthening cybersecurity cooperation among the Quad countries (the U.S., Japan, Australia, and India) has underscored the significance of ensuring safety within software supply chains, making it an urgent policy issue.

The Japanese translation was completed by a dedicated group of SAJ members, who honored the original structure and terminology while prioritizing accuracy. The translation aims to enhance the understanding and implementation of secure development practices within Japan and contribute to a broader comprehension of international security standards.

Ongoing Efforts by SAJ

The Software Association of Japan is committed to ongoing efforts to improve software safety and security. With the release of this translation, we hope to foster broader adoption of secure development practices among stakeholders in Japan.

Acknowledgments

A special thank you is due to the project members who contributed to this translation:

- Yoichi Akio (Cybozu, Inc.)
- Yurika Kaiuchi (Microsoft Corp.)
- Yasuhiro Suzuki (Assured, Inc.)
- Toshihiro Tagami (Cybertrust, Inc.)
- Yumi Tomita (Cybertrust, Inc.)
- Kenta Hagiwara (GOFU, Inc.)
- Shoko Honda (Trend Micro, Inc.)

Also, we express our gratitude to the reviewer, Tomoki Ito of the JPCERT Coordination Center.

About Software Association of Japan (SAJ)

SAJ remains committed to promoting a digital society powered by software. With a vision of shaping the future of software, we focus on supporting all organizations and individuals involved in the software domain. To learn more about us, visit our website at SAJ Official Website.