By Souheil Moghnie, NortonLifeLock with Kostya Serebryany, Google, Rohit Shambhuni, Autodesk and Adith Sudhakar, VMWare We are continuing our Focus on Fuzzing blog series with a quick overview of the different types of fuzzers. Understanding the taxonomy of fuzzing can help when thinking about selecting the right fuzzing tool for your project and determining whether […]

By Souheil Moghnie, NortonLifeLock and Kostya Serebryany, Google with Lisa Napier, VMWare; Rohit Shambhuni, Autodesk; and Adith Sudhakar, VMWare At SAFECode, we members often compare notes on secure development practices that are proving effective in our individual software security efforts. One of the most commonly cited of these practices is fuzzing. Fuzzing, sometimes referred to as […]

By Anthony Dulay, Boeing with Souheil Moghnie, NortonLifeLock and Loren Brent Cobb, Boeing In the digital age, data is everywhere. More people than ever before are using internet-connected, application-centric devices that collect and use some type of data about their users. In fact, according to statista.com there are approximately 75.44 billion devices connected to the […]

By Kostya Serebryany, Software Engineer, Google
C/C++ memory (un)safety remains a significant threat to security and stability of user-space applications and OS kernels. More than half of all high/critical security vulnerabilities across all major ecosystems are memory safety bugs [1], [2]

Tania Ward is a Consultant Program Manager for Dell Technologies and a member of the SAFECode Technical Leadership Council. Tania Ward has lived the role of a Security Champion throughout her career and is now passing on her wisdom and expertise to others. In her current role at Dell Technologies, Tania oversees the security training […]

By Steve Lipner, Executive Director     This week, the National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) within the U.S. Department of Commerce is hosting National Cybersecurity Career Awareness Week (NCCAW). The goal is to focus on local, regional, and national interest to inspire, educate, and […]

*First published September 20, 2019

By Steve Lipner, Executive Director, SAFECode

Do a quick search on secure development and you’ll find pages and pages of advice and best practices. You could relatively quickly create a long checklist of best practices and how-tos covering everything from how to create a threat model to the dos and don’ts of avoiding cross site-scripting mistakes. Newer articles and papers might focus in on applying secure development to mobile applications or making it work in a DevOps…

By Steve Lipner, Executive Director, SAFECode.

Today, we joined the Cloud Security Alliance (CSA) in releasing a new framework for thinking about DevSecOps in a cloud environment. The paper, “The Six Pillars of DevSecOps: Achieving Reflexive Security through Integration of Security, Development and Operations,” defines six focus areas critical to implementing and integrating DevSecOps into an organization.

By Steve Lipner, Executive Director, SAFECode.

Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here’s why.

By Steve Lipner, SAFECode Executive Director This week, the Business Software Alliance released The BSA Framework for Software Security. The document aims to provide a consolidated framework that brings together best practices in a manner that can be effectively described and communicated, regardless of the development environment or the purpose of the software. Specifically, according […]