Thirteen firms have signed up a UK first, voluntary Software Security Ambassadors scheme. They beside the UK Government will encourage uptake of the Software Security Code of Practice. That sets out priorities for businesses, including secure design and development practices, regular maintenance of software products, and communication with customers to ensure safety and security is baked into software from the off.
The ambassadors will now set to work on sharing examples and case studies of how the Code can be used, promoting the Code of Practice in their sectors, and providing operational insights to shape government policy. The scheme was announced on January 6, as part of the launch of the Government’s Cyber Action Plan, as featured in the February 2026 edition of Professional Security Magazine; and as the Cyber Security and Resilience Bill returned to Parliament, with a launch event by DSIT (Department for Science, Innovation and Technology) Cyber Security Minister Liz Lloyd. Also signing from the Government side is the UK official National Cyber Security Centre (NCSC).
Liz Lloyd said: “Whether it’s a start-up, scale up, or a multinational, every business is dependent on software in its day-to-day operations. That reliance makes an attractive target for cyber criminals, so it’s vital we work together to tackle threats head on and ensure the tools used by firms up and down the country are safe and secure from the moment they’re used.
“The Software Security Code of Practice gives clear, practical steps to embed strong protections from day one – across supply chains, boardrooms, and beyond. By working together to safeguard businesses, consumers, and workers, we’re not just defending against risk – we’re building the resilience that powers growth and renewal nationwide.”
The 13 are:
- Cisco;
- Sage;
- Palo Alto Networks;
- Zaizi;
- Hexiosec;
- Nexor;
- banks Santander and Lloyds Banking Group;
- NCC Group;
- Accenture;
- the industry membership bodies ISACA and ISC2; and
- Salus Cyber.
Sage’s Chief Information Security Officer, Gustavo Zeidan, said: “Software security is essential for keeping businesses running and customers safe. By supporting the Software Security Code of Practice, we want to raise the standard for secure software, so that small and mid-sized businesses are better protected without needing specialist expertise.”
“Clear, consistent guidance shaped jointly by government and industry will strengthen standards across the market and supply chains. To make it work in practice, the standards need to be built in conjunction with SMBs, tested in real workflows, and simple enough for a small team to apply without requiring specialist skills or complex set-up.”
