
About The Secure Code Alliance

The Secure Code Alliance (SCA) was formed in 2021 to address the need organizations have to ensure their developers are aware of and implement Secure Software Development Practices (SSDP) in order to minimize the threat posed by malicious actors against the organization’s applications, services and processes.

 

The SCA’s conformity assessment is the Developing Security & Privacy by Design (DSPD) initiative. The DSPD is an effort to promote transdisciplinary competency for developers to deliver trustworthy Applications, Services and Processes (ASP). This concept of competency is focused on a practitioner’s or architect’s ability to:

  • Work with stakeholders to ensure that security objectives, protection needs/concerns, security requirements and associated validation methods are defined;

  • Define security and privacy requirements, including associated verification methods;

  • Develop security views and viewpoints of the system architecture and design;

  • Identify and assess susceptibilities and vulnerabilities to lifecycle hazards and adversities;

  • Design proactive and reactive features and functions encompassed within a balanced strategy to control asset loss and associated loss consequences;

  • Provide security considerations to inform systems engineering efforts with the objective to reduce errors, flaws and weaknesses that may constitute a security vulnerability;

  • Perform system security analyses and interpret the results of system security-relevant analyses in support of decision-making for engineering trades and risk management;

  • Identify, quantify and evaluate the costs and benefits of security features and functions and considerations to inform assessments of alternative solutions, engineering trade-offs and risk treatment decisions;

  • Demonstrate through evidence-based reasoning that security and trustworthiness claims for the system have been satisfied; and

  • Leverage multiple security and other specialties to address all feasible solutions.

OUR VISION

The SCA’s vision is that organizations from all industries ensure that the development of applications, services and processes employs adequate security and privacy measures throughout the Software/System Development Life Cycle (SDLC) to ensure security and privacy-related risks are identified and remediated appropriately.

The SCA’s conformity assessment methodology is designed with these concepts in mind:

  • Identify the discipline basics for SSDP in terms of its principles, concepts and activities; and

  • Foster a common mindset to deliver secure applications, services and processes, regardless of their purpose, type, scope, size, complexity, or stage of the SDLC.

OUR MISSION

The SCA’s mission is to improve the awareness of and adherence to SSDP by application developers and architects through operating a conformity assessment methodology that:

  • Spans the design, development and maintenance of applications, services and processes;

  • Educates applicants through reinforcing reasonably-expected security and privacy principles, based on voluntary consensus standards that consider developer-specific industry-recognized practices; and

  • Leverages an online platform that tests applicants on subject matter expertise and awards the applicant a Certificate of Conformity (CoC) upon receiving a successful score.

OUR STRATEGY

The SCA’s strategy is to:

 

The DSPD initiative is focused on developing a conformity assessment methodology that addresses:

  • "Practitioner-level competency" among developers; and

  • "Expert-level competency" among architects.

Developing Security & Privacy by Design (DSPD) Initiative


As a personnel certification body, the SCA determines if an applicant fulfils certification requirements. Each applicant’s subject matter expertise on selected voluntary consensus standards is tested to determine if an acceptable level of competency is met.

 

Per ISO/IEC 17024 guidelines, certifications:

  • Are meant to be a public statement or declaration that an individual has passed an examination and otherwise met specified criteria demonstrating that the individual has the competencies necessary to successfully perform the role and responsibilities that comprise a specific occupation;

  • Are granted for a limited period of time;

  • Must be renewed to ensure that individuals continue to possess the competencies required to perform the job; and

  • May require ongoing education and/or assessment and/or experience for renewal.

 

The DSPD initiative’s conformity assessment leverages an online platform to test applicants on subject matter expertise through a one hundred (100) question set of multiple-choice problems. The DSPD leverages the three (3) general types of test questions and principal areas of focus that are used when constructing test questions:

  1. Recall;

  2. Application; and

  3. Analysis.


support@securecodealliance.com


30 N Gould St

Suite R

Sheridan, WY 82801


© 2023 by Secure Code Alliance, LLC (SCA). All rights reserved.

This website does not render professional services advice and is not a substitute for dedicated professional services. If you have compliance questions, you should consult a cybersecurity or privacy professional to discuss your specific needs. SCA disclaims any liability whatsoever for any documentation, information, or other material which is or may become a part of the website. SCA does not warrant or guarantee that the information will not be offensive to any user. User is hereby put on notice that by accessing and using the website, user assumes the risk that the information and documentation contained in the website may be offensive and/or may not meet the needs and requirements of the user. The entire risk as to the use of this website is assumed by the user. SCA reserves the right to refuse service, in accordance with applicable statutory and regulatory parameters.
