By Anthony Dulay, Boeing with Souheil Moghnie, NortonLifeLock and Loren Brent Cobb, Boeing In the digital age, data is everywhere. More people than ever before are using internet-connected, application-centric devices that collect and use some type of data about their users. In fact, according to statista.com there are approximately 75.44 billion devices connected to the […]

By Kostya Serebryany, Software Engineer, Google
C/C++ memory (un)safety remains a significant threat to security and stability of user-space applications and OS kernels. More than half of all high/critical security vulnerabilities across all major ecosystems are memory safety bugs [1], [2]

Tania Ward is a Consultant Program Manager for Dell Technologies and a member of the SAFECode Technical Leadership Council. Tania Ward has lived the role of a Security Champion throughout her career and is now passing on her wisdom and expertise to others. In her current role at Dell Technologies, Tania oversees the security training […]

By Steve Lipner, Executive Director     This week, the National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST) within the U.S. Department of Commerce is hosting National Cybersecurity Career Awareness Week (NCCAW). The goal is to focus on local, regional, and national interest to inspire, educate, and […]

*First published September 20, 2019

By Steve Lipner, Executive Director, SAFECode

Do a quick search on secure development and you’ll find pages and pages of advice and best practices. You could relatively quickly create a long checklist of best practices and how-tos covering everything from how to create a threat model to the dos and don’ts of avoiding cross site-scripting mistakes. Newer articles and papers might focus in on applying secure development to mobile applications or making it work in a DevOps…

By Steve Lipner, Executive Director, SAFECode.

Today, we joined the Cloud Security Alliance (CSA) in releasing a new framework for thinking about DevSecOps in a cloud environment. The paper, “The Six Pillars of DevSecOps: Achieving Reflexive Security through Integration of Security, Development and Operations,” defines six focus areas critical to implementing and integrating DevSecOps into an organization.

By Steve Lipner, Executive Director, SAFECode.

Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here’s why.

By Steve Lipner, SAFECode Executive Director This week, the Business Software Alliance released The BSA Framework for Software Security. The document aims to provide a consolidated framework that brings together best practices in a manner that can be effectively described and communicated, regardless of the development environment or the purpose of the software. Specifically, according […]

By: Stacy Simpson, SAFECode

A key principle guiding SAFECode’s work has always been our belief that secure software development can only be achieved with an organizational commitment and a holistic assurance process. But what does that mean in practice?

By: Stacy Simpson, SAFECode

A key principle guiding SAFECode’s work has always been our belief that secure software development can only be achieved with an organizational commitment and a holistic assurance process. But what does that mean in practice?