Assure Software Security

The Secure Software Alliance (SSA) is a public-private program, in which developers of software, end users, professional bodies, institutes for research and education and the Dutch Ministry of Economic Affairs and Climate cooperate. The goal is to make security of software measurable, manageable and controllable. So that parties can provide assurance to the user of software that software is safe enough for the context in which software is used and the risks a user is willing to accept. 

Secure Software Framework

The SSA published the first version of the Secure Software Framework (SSF) in 2015. It is since then applied in several software development contexts. In 2018 the framework was updated with the Agile software development processes in mind.

In 2018 the SSA published, in cooperation with the Dutch chapter of the Information Systems Audit and Control Association (ISACA), an international in-depth publication about the framework and its backgrounds.


The framework is the result of and is applied by software developers in innovative projects, where security of software is of the utmost importance. In 2019 the alliance started pilots to show and document what application of the framework means for software development processes and for the users of software. The results will be published in 2020.

SSA Goals

  • Creation of software security awareness at all levels in the organization
  • Stimulate activities that contribute to increase software security.
  • Trustee of the (open source) Secure Software Framework
  • Develop a secure software certificate model for software based upon a positive advice from an inspection-organization accredited by the SSA.
  • Follow and contribute to (international) initiatives in the area of secure software development
  • Work together with other private and public organizations with similar interests.

Board members

Danny Onwenzen
Danny Onwezen
Chairman

Danny is highly experienced in risk management with a strong focus on security (by design) and privacy. He has broad international experience and is founder of Scyber. This company manage cyber risks to be secure in cyber and maximize the benefits of digital business, building trust in cyber. Danny is an experienced risk manager in vital and non vital sectors, and delivers strategic services in various sectors, e.g. airports, banking, health care, telecommunication, energy and nuclear industry.

Barry Derksen
Barry Derksen
Board member

Barry is associate professor at the University of Antwerp and involved as research director at BITTIHe is a business consultant with management experience at the interface of management, organizational information and ICT, where complex issues need to be clarified and realized for the Board of Directors and management.