A comprehensive initiative to enhance the security posture of open-source software
M. Antonacci*, V. Ciaschini, G. Donvito and B. Martelli
Published on: October 29, 2024
Abstract
In the dynamic landscape of digital security, safeguarding information assets is a paramount concern for organizations. This paper presents a comprehensive initiative undertaken by INFN, a prominent research institution, to bolster the security posture of the open-source components of its DataCloud production middleware. Central to this initiative is the recognition of the pivotal role security plays in the software development lifecycle (SDLC). The paper outlines INFN's strategic approach to aligning with industry standards such as the OWASP SAMM and ISO/IEC 27002 frameworks. Through collaboration and proactive measures, INFN aims to establish virtuous processes that enhance security governance, self-assessment, continuous monitoring, and timely responses to emerging vulnerabilities. The ultimate goal is to cultivate a more secure and resilient software ecosystem tailored to scientific data analysis.
DOI: https://doi.org/10.22323/1.458.0012