Official website of the U.S. Department of Homeland Security
Build Security In: Setting a higher standard for software assurance.

What is Build Security In?

Build Security In is a collaborative effort that provides practices, tools, guidelines, rules, principles, and other resources that software developers, architects, and security practitioners can use to build security into software in every phase of its development.

Improve Security and Software Assurance: Tackle the CWE Top 25 Most Dangerous Software Errors

The CWE Top 25 identifies the most widespread and critical software weaknesses, the programming errors that most often lead to exploitable vulnerabilities in deployed software. Eliminating these weaknesses during development, and checking for them in operational systems, goes a long way toward securing software. Read more and see the list of the CWE Top 25 Most Dangerous Software Errors on the Software Assurance Community Resources and Information Clearinghouse website.

The CWE Top 25 is complemented by the Top 10 Project of the Open Web Application Security Project (OWASP). The OWASP Top 10 report describes the ten most critical security risks to web applications used in an enterprise. The report, which contains examples and details that explain these risks to software developers, managers, and anyone interested in the future of web security, is available for download at no charge.

Interact With Us

Community Collaboration

To access other software assurance materials or to join the collaboration efforts of a related working group, visit the DHS Software Assurance Program's Community Resources and Information Clearinghouse.

Volunteer to review new articles for publication on BSI. See the Call for Reviewers for details.

Sponsor and Contributors

Build Security In is a Software Assurance strategic initiative of the National Cyber Security Division (NCSD) of the U.S. Department of Homeland Security. Peer-reviewed material written by many authors is presented for public use. See Contributing Authors and Reviewer Acknowledgments.

Process-Agnostic Approach

BSI articles are grouped in a process-agnostic view, so they apply regardless of the development methodology in use. The content is classified into the following sections: Requirements, Architecture & Design, Code, Test, System, Management, and Fundamentals.
