Security of software often requires complicated trade-offs between strategic choices of organizations and security risks. The Framework Secure Software puts this consideration back where it belongs: with administrators and not with legal and technical staff employees. Two organizations explain how, together with software suppliers, they again take responsibility for software security.