SCA Body of Knowledge (SCA-BoK) & Reference Materials

The SCA references numerous leading frameworks and standards for Secure Software Development Practices (SSDP) to provide references for “industry-recognized secure practices.” These voluntary consensus standards, most of which are publicly available at no cost, are referenced by the SCA's conformity assessment.

Industry-Recognized Secure Practices

For industry-recognized secure practices, the SCA’s intent is to leverage content that is available at no cost to the public. In the realm of secure development practices, certain voluntary consensus standards are important to consider as industry-recognized practices. Those primarily include, but are not limited to:

Useful References

For reference materials, the following material can be valuable:

Secure Code Alliance Body of Knowledge (SCA-BoK)


The SCA-BoK is a summarized version of these industry-recognized secure practices that provides expectations for knowledge / competency associated with the Certified SCA Practitioner (CSCAP) and Certified SCA Architect (CSCAA) roles.

