SAFECode Blog

About Our Blog

SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. We created this blog so that we could keep you posted on new developments in software assurance and our ongoing work in this area.

Please note that the opinions expressed in this blog are those of the writer or contributor and do not necessarily reflect the opinions of SAFECode or its member companies.

By: Steve Lipner, Executive Director, SAFECode
This week, the UK Government’s Department for Digital, Culture, Media and Sport (DCMS) released a Code of Practice for the secure design of internet-connected consumer devices and their associated services.

Over 150 security development professionals recently participated in an event, sponsored in part by SAFECode, in Cambridge, MA, steps from the Massachusetts Institute of Technology.

Tania Skinner, Intel
Understanding the fundamentals of secure development and where to start is the message I delivered to an audience of software quality engineers, developers, testers and more at the Pacific Northwest Software Quality Conference (PNSQC). My technical presentation titled “Security Tsunami! SDL Fundamentals and Where to Start” was delivered October 8, 2018 in Portland, Oregon.

Tania Skinner, Product Security Strategist, Intel Corporation, provides an overview of the guide, its contents and how to use it in this seven-minute podcast.

*First published August 20, 2018, in CSOonline
By Steve Lipner, Executive Director, SAFECode
Understanding the security of third-party components.

By: Altaz Valani, Research Director, Security Compass
At the IEEE Cybersecurity Development Conference in Cambridge, Mass on October 2nd, I will deliver my presentation “Rethinking Secure DevOps Threat Modeling: The Need for a Dual Velocity Approach” to an audience of cyber professionals.

By: Steve Lipner, Executive Director, SAFECode
Large organizations have benefited from establishing and adopting Security Development Lifecycle (SDL) processes as a key component of their approach to delivering secure software. Many of these organizations have hundreds or even thousands of developers, and significant resources to devote to creating and operating an SDL. But what about the smaller organizations whose teams and resources are limited? They too have access to resources that can help them to adopt an SDL capable of delivering the level of software security their customers expect.

*First published March 12, 2018, in CSOonline
By Steve Lipner, Executive Director, SAFECode
Why secure development programs succeed in organizations.

By Eric Baize, Chairman, SAFECode
Recently, I had the honor of delivering the opening keynote address for the OWASP AppSec California 2018 in Santa Monica. The audience (600+ attendees) was made up of security practitioners very knowledgeable about secure development. We engaged in very spirited conversations about driving better security by changing the software development culture.

*First published March 12, 2018, in CSOonline
By Steve Lipner, Executive Director, SAFECode
The security response process is a natural source of feedback for any software security program.

Copyright © 2007-2018 Software Assurance Forum for Excellence in Code (SAFECode) – All Rights Reserved