Secure software and hardware form the basis for the secure use of IT products in government, business and society. The Federal Office for Information Security (BSI) therefore appeals to manufacturers to consider information security from the outset and to make it as easy as possible for users to use their products securely through secure pre-configuration.

Against this backdrop, this Technical Guideline (TG) was created in accordance with the requirements of the BSI IT-Grundschutz (IT basic protection) for secure software development processes, supplemented by the respective norms, standards and frameworks. The focus here was on the potential enhancement and structuring.

In its current version, the TG in its entirety does not apply to processes for developing software that are generally referred to as “Open Source Software (OSS)” or “free / libre and open source software (FLOSS / FOSS)”. Requirements that demand a specific consideration of the features of open source software development must be adapted for such applications.

Questions, suggestions and other comments can be directed to the contact below.

Downloads

BSI TR-03185 Secure Software Lifecycle

Contact

Federal Office for Information Security
Division S 25
P.O. Box 20 03 63
53133 Bonn, Germany

E-Mail: referat-s25@bsi.bund.de