About The Secure Code Alliance

The Secure Code Alliance (SCA) was formed in 2021 to address organizations’ need to ensure that their developers are aware of and implement Secure Software Development Practices (SSDP) in order to minimize the threat posed by malicious actors against the organization’s applications, services and processes.


The SCA’s conformity assessment is the Developing Security & Privacy by Design (DSPD) initiative. The DSPD is an effort to promote transdisciplinary competency for developers to deliver trustworthy Applications, Services and Processes (ASP). This concept of competency is focused on a practitioner’s or architect’s ability to:

  • Work with stakeholders to ensure that security objectives, protection needs/concerns, security requirements and associated validation methods are defined;

  • Define security and privacy requirements, including associated verification methods;

  • Develop security views and viewpoints of the system architecture and design;

  • Identify and assess susceptibilities and vulnerabilities to lifecycle hazards and adversities;

  • Design proactive and reactive features and functions encompassed within a balanced strategy to control asset loss and associated loss consequences;

  • Provide security considerations to inform systems engineering efforts with the objective to reduce errors, flaws and weaknesses that may constitute a security vulnerability;

  • Perform system security analyses and interpret the results of system security-relevant analyses in support of decision-making for engineering trades and risk management;

  • Identify, quantify and evaluate the costs and benefits of security features and functions and considerations to inform assessments of alternative solutions, engineering trade-offs and risk treatment decisions;

  • Demonstrate through evidence-based reasoning that security and trustworthiness claims for the system have been satisfied; and

  • Leverage multiple security and other specialties to address all feasible solutions.


The SCA’s vision is that organizations from all industries ensure that the development of applications, services and processes employs adequate security and privacy measures throughout the Software/System Development Life Cycle (SDLC) to ensure security and privacy-related risks are identified and remediated appropriately.


The SCA’s conformity assessment methodology is designed with these concepts in mind:

  • Identify the discipline basics for SSDP in terms of its principles, concepts and activities; and

  • Foster a common mindset to deliver secure applications, services and processes, regardless of their purpose, type, scope, size, complexity, or stage of the SDLC.

The SCA’s mission is to improve awareness of and adherence to SSDP by application developers and architects through operating a conformity assessment methodology that:

  • Spans the design, development and maintenance of applications, services and processes;

  • Educates applicants through reinforcing reasonably-expected security and privacy principles, based on voluntary consensus standards that consider developer-specific industry-recognized practices; and

  • Leverages an online platform to test applicants on subject matter expertise and award the applicant a Certificate of Conformity (CoC) upon receiving a successful score.


The SCA’s strategy is to:


The DSPD initiative is focused on developing a conformity assessment methodology that addresses:

  • "Practitioner-level competency" among developers; and

  • "Expert-level competency" among architects.

Developing Security & Privacy by Design (DSPD) Initiative

DSPD Initiative

As a personnel certification body, the SCA determines if an applicant fulfils certification requirements. Each applicant’s subject matter expertise on selected voluntary consensus standards is tested to determine if an acceptable level of competency is met.


Per ISO/IEC 17024 guidelines, certifications:

  • Are meant to be a public statement or declaration that an individual has passed an examination and otherwise met specified criteria demonstrating that the individual has the competencies necessary to successfully perform the role and responsibilities that comprise a specific occupation;

  • Are granted for a limited period of time;

  • Must be renewed to ensure that individuals continue to possess the competencies required to perform the job; and

  • May require ongoing education and/or assessment and/or experience for renewal.


The DSPD initiative’s conformity assessment leverages an online platform to test applicants on subject matter expertise through a one hundred (100) question set of multiple-choice problems. The DSPD leverages the three (3) general types of test questions and principal areas of focus that are used when constructing test questions:

  1. Recall;

  2. Application; and

  3. Analysis.
