Company
Date Published
Author
Guest Expert
Word count
1175
Language
English
Hacker News points
None

Summary

Shimon Brathwaite discusses the ongoing efforts of the National Institute of Standards and Technology (NIST) to develop standards for secure coding practices aimed at mitigating security vulnerabilities in software. NIST, a part of the US Department of Defense, plays a crucial role in establishing cybersecurity standards and is now expanding its expertise into secure coding to prevent vulnerabilities such as cross-site scripting and SQL injection. This initiative is aligned with a risk-based approach, which considers the specific threats an organization might face and suggests appropriate controls to enhance software security throughout the Software Development Lifecycle (SDLC). The new standards aim to reduce development delays, address root causes of vulnerabilities, and improve collaboration between development, operations, and security teams. NIST is also working on creating both high-level international standards and practical guidelines that companies can implement to ensure secure software development. This effort is part of a broader government mandate to enhance cybersecurity, as highlighted by Executive Order 14028, which focuses on securing the software supply chain.