Tania Skinner, Product Security Strategist, Intel Corporation provides an overview of the guide, its contents and how to use it in this seven-minute podcast.

*First published August 20, 2018, in CSOonline
By Steve Lipner, Executive Director, SAFECode
Understanding the security of third-party components.

By: Altaz Valani, Research Director, Security Compass
At the IEEE Cybersecurity Development Conference in Cambridge, Mass on October 2nd, I will deliver my presentation “Rethinking Secure DevOps Threat Modeling: The Need for a Dual Velocity Approach” to an audience of cyber professionals.

By: Steve Lipner, Executive Director, SAFECode
Large organizations have benefited from establishing and adopting Security Development Lifecycle (SDL) processes as a key component of their approach to delivering secure software. Many of these organizations have hundreds or even thousands of developers, and significant resources to devote to creating and operating an SDL. But what about the smaller organizations whose teams and resources are limited? They too have access to resources that can help them to adopt an SDL capable of delivering the level of software security their customers expect.

*First published March 12, 2018, in CSOonline
By Steve Lipner, Executive Director, SAFECode
Why secure development programs succeed in organizations.

By Eric Baize, Chairman, SAFECode
Recently, I had the honor of delivering the opening keynote address for the OWASP AppSec California 2018 in Santa Monica. The audience (600+ attendees) was made up of security practitioners very knowledgeable about secure development. We engaged in very spirited conversations about driving better security by changing the software development culture.

*First published March 12, 2018, in CSOonline
By Steve Lipner, Executive Director, SAFECode
The security response process is a natural source of feedback for any software security program.

*First published March 13, 2018, in TechTarget
By Steve Lipner, Executive Director, SAFECode
Software development training with an emphasis on secure coding can improve enterprise security postures. Steve Lipner of SafeCode discusses different ways to get the job done.

*First published Jan. 23, 2018, in CSOonline
By Steve Lipner, Executive Director, SAFECode

Focus on risk management is a common element of cybersecurity today. To take two examples, my LinkedIn network includes a lot of people with the title of “risk executive,” and government initiatives and policies in the US and EU aim to encourage or mandate risk-based decision-making about security.

By Steve Lipner, Executive Director, SAFECode After we returned from our visit to Brussels, the SAFECode board held several discussions of the new EU cybersecurity legislation and our experience with government security certification – what has worked well and what hasn’t, and how to create security certification schemes that are effective for both the users […]