SAFECode Blog

About Our Blog

SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. We created this blog so that we could keep you posted on new developments in software assurance and our ongoing work in this area.

Please note that the opinions expressed in this blog are those of the writer or contributor and do not necessarily reflect the opinions of SAFECode or its member companies.

*First published Nov. 14, 2017 in TechTarget’s SearchSecurity
By Steve Lipner, Executive Director, SAFECode

Every year, hundreds of thousands of software developers join the workforce without a basic knowledge of security. The burden of educating and training developers on software security is left to the development organizations that hire them.


*First published Oct. 16, 2017 in CSOonline
By Steve Lipner, Executive Director, SAFECode

Focusing on culture might be the most important thing an organization can do when developing secure software. One of the toughest technical challenges in software security isn’t even technical. It’s cultural. Developers are responsible for making the code secure but, in many cases, have not lived up to their responsibility.


By Eric Baize, Chairman, SAFECode

Software security is less and less about technology and more and more about culture. I would contend that today, for the most part, we know what it takes to build secure software. What we are struggling with is how to make secure software a reality on a large scale. This […]

By Carol Clark, Director of Marketing, SAFECode

Eric Baize believes culture is an essential part of human society. But the SAFECode Chairman and Vice President, Product Security at Dell EMC is not talking about poetry or opera. Instead, Baize will be representing SAFECode and discussing culture as it relates to software development. During his keynote […]

During a wide-ranging interview on a recent episode of “Security Weekly” – a security podcast hosted by Paul Asadoorian – SAFECode’s Steve Lipner discussed how organizations and developers can take advantage of SAFECode’s new threat modeling and third party component best practices white papers. Here are some of Steve’s insights from the discussion. To hear […]


By Izar Tarandach & Brook S.E. Schoenfield

A couple of years ago I was engaging a new team into our Secure Development Life cycle (SDL) process. One of the initial activities is Threat Modeling, and in discussion with a product architect, I was asked, “We have a working design here, and now you want to come […]

By Tania Skinner, Product Security Strategist, Intel Corporation

The Managing Security Risks Inherent in the Use of Third-party Components White Paper is now available. Below is a brief preview of the document. I encourage you to download it and share it with your colleagues. The use of third-party components (TPCs), including open source software (OSS) […]

By Steve Lipner and Eric Baize

After every news cycle involving major technology players and zero-day vulnerabilities in the products or services they provide, suspicious comments questioning technology players’ commitment to software security assurance inevitably seem to resurface. The recent Wikileaks release of documents allegedly from the CIA describing zero-day exploits in major online services […]

The SAFECode board and members join the cybersecurity community in mourning the loss of Howard Schmidt as an industry pioneer, colleague, collaborator, and friend. Howard’s contributions to the cybersecurity community have been recognized in many ways, most recently by his receiving the 2017 Award for Excellence in the Field of Information Security. The SAFECode members […]


By Eric Baize, Chairman of the Board, SAFECode

SAFECode members crowded into Jillian’s directly across from the Moscone Center in San Francisco on February 15, 2017 for SAFECode’s Second Annual RSA Conference Breakfast. Seventeen SAFECode members were honored with recognition awards for their work at the event on four white papers that are currently […]

Software Assurance Forum for Excellence in Code (SAFECode) - All Rights Reserved
