The Payment Card Industry Security Standards Council has introduced the PCI Software Security Framework (SSF) and the Secure Software Lifecycle (SLC) Standard, which set out security requirements and assessment procedures for software vendors to manage the security of payment software throughout its entire lifecycle. The new framework replaces the current guidelines contained in the PCI Payment Application Data Security Standard (PCI PA-DSS) and is aimed at ensuring the secure use of open-source components in software development. The updates require organizations to continuously monitor vulnerabilities and defenses and to adapt as threats change, and to test application security controls and demonstrate that those controls have not weakened or become ineffective over time. This approach treats security as part of the continuous integration and delivery (CI/CD) process rather than as an afterthought. The new standards also hold security leaders accountable for the security of their products and services, and require developers to participate in the defined steps for meeting compliance, including managing open-source components.