By: Kostya Serebryany, Google & Souheil Moghnie, NortonLifeLock with Adith Sudhakar,VMWare; Rohit Shambhuni, Autodesk; and Uday Bhaskar, Autodesk SAFECode’s Fuzzing team is back to continue our discussion on fuzzing practices. If you are just joining us, be sure to take a look at the first three posts in our Focus on Fuzzing series – Getting […]

Those of you who’ve been following SAFECode for a while may remember our past comments on the European Union (EU) initiative to establish a new approach to cybersecurity certification. We commented on that approach early in 2018 and later in 2018 we issued a short white paper sharing our views on the factors that would make for a successful approach to certification.

Last week, the National Institute for Standards and Technology (NIST) published a white paper entitled “Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF).” The paper provides guidance to organizations that seek to adapt their software development processes to deliver more secure software.

As our data-driven digital culture has grown, so too have concerns over its implications for personal privacy. Efforts to protect data privacy encompass a complex mix of regulatory, cultural and technology practices. These include the need to address privacy as early as possible in the development lifecycle – arguably placing software developers on the frontlines of data privacy protection.

By Stacy Simpson, SAFECode At SAFECode, we often talk about the need to look beyond the technical requirements of implementing a secure software development lifecycle and think more expansively about creating a holistic software security program that encompasses both strong technical practices and healthy business processes. Some of the non-technical aspects of managing a mature […]

By Steve Lipner, SAFECode Welcome to San Francisco! SAFECode is excited to participate in this year’s RSA Conference and we look forward to connecting with our members and others in the cybersecurity community. If you are a SAFECode member, we hope to see you at our Annual Member Breakfast on Wednesday. In addition to offering […]

Coverage-guided fuzzing has been used for over a decade and has gained popularity in recent years as more and better tools became available. In this post, we explain what coverage-guided fuzzing is, and why it may often be a great choice for you.

By Souheil Moghnie, NortonLifeLock with Kostya Serebryany, Google, Rohit Shambhuni, Autodesk and Adith Sudhakar, VMWare We are continuing our Focus on Fuzzing blog series with a quick overview of the different types of fuzzers. Understanding the taxonomy of fuzzing can help when thinking about selecting the right fuzzing tool for your project and determining whether […]

By Souheil Moghnie, NortonLifeLock and Kostya Serebryany, Google with Lisa Napier, VMWare; Rohit Shambhuni, Autodesk; and Adith Sudhakar, VMWare At SAFECode, we members often compare notes on secure development practices that are proving effective in our individual software security efforts. One of the most commonly cited of these practices is fuzzing. Fuzzing, sometimes referred to as […]

By Anthony Dulay, Boeing with Souheil Moghnie, NortonLifeLock and Loren Brent Cobb, Boeing In the digital age, data is everywhere. More people than ever before are using internet-connected, application-centric devices that collect and use some type of data about their users. In fact, according to statista.com there are approximately 75.44 billion devices connected to the […]