By Eric Baize, Chairman, SAFECode
Recently, I had the honor of delivering the opening keynote address for the OWASP AppSec California 2018 in Santa Monica. The audience (600+ attendees) was made up of security practitioners very knowledgeable about secure development. We engaged in very spirited conversations about driving better security by changing the software development culture.

*First published March 12, 2018, in CSOonline
By Steve Lipner, Executive Director, SAFECode
The security response process is a natural source of feedback for any software security program.

*First published March 13, 2018, in TechTarget
By Steve Lipner, Executive Director, SAFECode
Software development training with an emphasis on secure coding can improve enterprise security postures. Steve Lipner of SafeCode discusses different ways to get the job done.

*First published Jan. 23, 2018, in CSOonline
By Steve Lipner, Executive Director, SAFECode

Focus on risk management is a common element of cybersecurity today. To take two examples, my LinkedIn network includes a lot of people with the title of “risk executive,” and government initiatives and policies in the US and EU aim to encourage or mandate risk-based decision-making about security.

By Steve Lipner, Executive Director, SAFECode After we returned from our visit to Brussels, the SAFECode board held several discussions of the new EU cybersecurity legislation and our experience with government security certification – what has worked well and what hasn’t, and how to create security certification schemes that are effective for both the users […]

By Steve Lipner, Executive Director, SAFECode   Last week, several of us from SAFECode made a whirlwind visit to Brussels, capital of the European Union. The EU is considering cybersecurity legislation that would create a new EU-wide security certification regime, and we thought it would be helpful to share our experience about what kinds of […]

*First published Dec. 5, 2017, in CSOonline
By Steve Lipner, Executive Director, SAFECode

Figuring out what to tell the developers to do is not as easy as telling them “write secure code.” If they knew how to do that in the first place, the organization probably wouldn’t need a software security program.

*First published Nov. 14. 2017 in TechTarget’s SearchSecurity
By Steve Lipner, Executive Director, SAFECode

Every year, hundreds of thousands of software developers join the workforce without a basic knowledge of security. The burden of educating and training developers on software security is left to the development organizations that hire them.

By Eric Baize, Chairman, SAFECode Software security is less and less about technology and more and more about culture. I would contend that today, for the most part, we know what it takes to build secure software.  What we are struggling with is how to make secure software a reality on a large scale.  This […]

*First published Oct. 16, 2017 in CSOonline
By Steve Lipner, Executive Director, SAFECode

Focusing on culture might be the most important thing an organization can do when developing secure software. One of the toughest technical challenges in software security isn’t even technical. It’s cultural. Developers are responsible for making the code secure but, in many cases, have not lived up to their responsibility.