SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. We created this blog so that we could keep you posted on new developments in software assurance and our ongoing work in this area.
Please note that the opinions expressed in this blog are those of the writer or contributor and do not necessarily reflect the opinions of SAFECode or its member companies.
By: Kostya Serebryany, Google & Souheil Moghnie, NortonLifeLock with Adith Sudhakar, VMWare; Rohit Shambhuni, Autodesk; and Uday Bhaskar, Autodesk
SAFECode’s Fuzzing team is back to continue our discussion on fuzzing practices. If you are just joining us, be sure to take a look at the first three posts in our Focus on Fuzzing series – Getting […]
Those of you who’ve been following SAFECode for a while may remember our past comments on the European Union (EU) initiative to establish a new approach to cybersecurity certification. We commented on that approach early in 2018 and later in 2018 we issued a short white paper sharing our views on the factors that would make for a successful approach to certification.
Last week, the National Institute for Standards and Technology (NIST) published a white paper entitled “Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF).” The paper provides guidance to organizations that seek to adapt their software development processes to deliver more secure software.
As our data-driven digital culture has grown, so too have concerns over its implications for personal privacy. Efforts to protect data privacy encompass a complex mix of regulatory, cultural and technology practices. These include the need to address privacy as early as possible in the development lifecycle – arguably placing software developers on the frontlines of data privacy protection.
By Stacy Simpson, SAFECode
At SAFECode, we often talk about the need to look beyond the technical requirements of implementing a secure software development lifecycle and think more expansively about creating a holistic software security program that encompasses both strong technical practices and healthy business processes. Some of the non-technical aspects of managing a mature […]
By Steve Lipner, SAFECode
Welcome to San Francisco! SAFECode is excited to participate in this year’s RSA Conference and we look forward to connecting with our members and others in the cybersecurity community. If you are a SAFECode member, we hope to see you at our Annual Member Breakfast on Wednesday. In addition to offering […]
Coverage-guided fuzzing has been used for over a decade and has gained popularity in recent years as more and better tools became available. In this post, we explain what coverage-guided fuzzing is, and why it may often be a great choice for you.
By Souheil Moghnie, NortonLifeLock with Kostya Serebryany, Google, Rohit Shambhuni, Autodesk and Adith Sudhakar, VMWare
We are continuing our Focus on Fuzzing blog series with a quick overview of the different types of fuzzers. Understanding the taxonomy of fuzzing can help when thinking about selecting the right fuzzing tool for your project and determining whether […]
By Souheil Moghnie, NortonLifeLock and Kostya Serebryany, Google with Lisa Napier, VMWare; Rohit Shambhuni, Autodesk; and Adith Sudhakar, VMWare
At SAFECode, we members often compare notes on secure development practices that are proving effective in our individual software security efforts. One of the most commonly cited of these practices is fuzzing. Fuzzing, sometimes referred to as […]
By Anthony Dulay, Boeing with Souheil Moghnie, NortonLifeLock and Loren Brent Cobb, Boeing
In the digital age, data is everywhere. More people than ever before are using internet-connected, application-centric devices that collect and use some type of data about their users. In fact, according to statista.com there are approximately 75.44 billion devices connected to the […]