Critical everyday activities handled by modern IoT Systems imply that security is of major concern both for the end-users and the industry. Securing the IoT System Architecture is commonly used to strengthen its resilience to malicious attacks. However, the security of software running on the IoT must be considered as well, since the exploitation of its vulnerabilities can infringe the security of the overall system, regardless of how secure its architecture may be. Thus, we present an IoT Software Security-by-Design (SSD) Platform, which provides mechanisms for monitoring and optimizing the security of IoT software applications throughout their development lifecycle, to validate the broader security of the IoT software. This paper describes the proposed SSD platform that leverages security information from all phases of development, using some novel mechanisms that have been implemented, and which can lead to a holistic security evaluation and future security certification.