By Steve Lipner, Executive Director     This week, the National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) within the U.S. Department of Commerce is hosting National Cybersecurity Career Awareness Week (NCCAW). The goal is to focus on local, regional, and national interest to inspire, educate, and […]

*First published September 20, 2019

By Steve Lipner, Executive Director, SAFECode

Do a quick search on secure development and you’ll find pages and pages of advice and best practices. You could relatively quickly create a long checklist of best practices and how-tos covering everything from how to create a threat model to the dos and don’ts of avoiding cross site-scripting mistakes. Newer articles and papers might focus in on applying secure development to mobile applications or making it work in a DevOps…

By Steve Lipner, Executive Director, SAFECode.

Today, we joined the Cloud Security Alliance (CSA) in releasing a new framework for thinking about DevSecOps in a cloud environment. The paper, “The Six Pillars of DevSecOps: Achieving Reflexive Security through Integration of Security, Development and Operations,” defines six focus areas critical to implementing and integrating DevSecOps into an organization.

By Steve Lipner, Executive Director, SAFECode.

Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here’s why.

By Steve Lipner, SAFECode Executive Director This week, the Business Software Alliance released The BSA Framework for Software Security. The document aims to provide a consolidated framework that brings together best practices in a manner that can be effectively described and communicated, regardless of the development environment or the purpose of the software. Specifically, according […]

By: Stacy Simpson, SAFECode

A key principle guiding SAFECode’s work has always been our belief that secure software development can only be achieved with an organizational commitment and a holistic assurance process. But what does that mean in practice?

By: Stacy Simpson, SAFECode

A key principle guiding SAFECode’s work has always been our belief that secure software development can only be achieved with an organizational commitment and a holistic assurance process. But what does that mean in practice?

By: Stacy Simpson, SAFECode

Next week, tens of thousands of security professionals will gather once again in San Francisco to talk all things security, including software security. At SAFECode, this is one of our favorite times of the year, despite the fact that many might not know we are even there.

By Vishal Asthana, Security Compass (former) with Altaz Valani, Security Compass

Ever wonder what it is like to work on a SAFECode project team? Two of our Champions – Vishal Asthana and Altaz Valani were kind enough to participate in a short Q&A; about their experience working on the Security Champions and other SAFECode projects.

This is the closing post to our Security Champions Series. Read all of the posts below. Part One: Start 2019 Strong: Join SAFECode for Our Month of Champions Part Two: Building Secure Software: It Takes a Champion Part Three: Putting a Face to Software SCs Part Four: How to Build an Effective Security Champions Program […]