Development Practices

Today’s post was co-authored by Eric Baize, EMC, SAFECode Board Member and Steve Lipner, Microsoft, SAFECode Board Chair.

Customers frequently ask all software developers – including SAFECode members – how they can be confident in the security of the software they acquire. We are well aware that acquired software can introduce new vulnerabilities into IT environments and […]

Today has been a really exciting day for SAFECode.  I am writing from our table at the Security Development Conference, a great event focused on implementing the latest in security development techniques and processes. Howard had the honor of helping kick off the conference with one of the morning keynotes, and discussed the important role […]

The members of SAFECode have all made major investments in our development processes aimed at improving the security of the software we produce.  Security is important to customers who use software to process critical information and to manage critical business processes.  Our real-world experience has shown that having a secure development process is the most […]

Today, SAFECode released “Practical Security Stories and Security Tasks for Agile Development Environments.” This new paper presents security flaws and secure development practices in an actionable format for Agile software development. Today’s guest blogger, Vishal Asthana, Senior Principal Software Engineer, Product Security Group, Symantec, was a lead author of the paper. Vishal discusses practical security stories […]

As a follow-up to the release of SAFECode’s paper, “The Software Supply Chain Integrity Framework: Defining Risks and Responsibilities for Securing Software in the Global Supply Chain,” I thought I would elaborate on a core concept of the report: the definition of software integrity and how it relates to software assurance. Software assurance is most frequently […]

Finally catching up after the RSA Conference.  It was a fantastic week for SAFECode, which we kicked off with a board of directors meeting.  The board discussed some exciting projects we’ve planned for the next few months on issues such as software integrity in the global supply chain, measurability and software assurance R&D, and I […]

Hello, this is Antti Vähä-Sipilä from Nokia.  I thought I’d use my first entry here as a guest blogger to talk about marrying software security and Scrum, an area which has recently kept me busy. I’ve seen many people claim that agile methods and security are mutually exclusive, as ‘agile’ is interpreted as ‘laissez-faire’.  I […]

Today is an exciting day for SAFECode – two new announcements, a new blog to talk about them in, and a board of directors meeting. We have brought our members together for a board meeting at the RSA Conference to hammer out some details on our current projects, plan our future efforts and meet with […]

Software Assurance Forum for Excellence in Code (SAFECode) - All Rights Reserved