SAFECode Blog

About Our Blog

SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. We created this blog so that we could keep you posted on new developments in software assurance and our ongoing work in this area.

Please note that the opinions expressed in this blog are those of the writer or contributor and do not necessarily reflect the opinions of SAFECode or its member companies.

By Eric Baize, Chairman, SAFECode
Recently, I had the honor of delivering the opening keynote address for the OWASP AppSec California 2018 in Santa Monica. The audience (600+ attendees) was made up of security practitioners very knowledgeable about secure development. We engaged in very spirited conversations about driving better security by changing the software development culture.


*First published March 12, 2018, in CSOonline
By Steve Lipner, Executive Director, SAFECode
The security response process is a natural source of feedback for any software security program.


*First published March 13, 2018, in TechTarget
By Steve Lipner, Executive Director, SAFECode
Software development training with an emphasis on secure coding can improve enterprise security postures. Steve Lipner of SAFECode discusses different ways to get the job done.


*First published Jan. 23, 2018, in CSOonline
By Steve Lipner, Executive Director, SAFECode

Focus on risk management is a common element of cybersecurity today. To take two examples, my LinkedIn network includes a lot of people with the title of “risk executive,” and government initiatives and policies in the US and EU aim to encourage or mandate risk-based decision-making about security.


By Steve Lipner, Executive Director, SAFECode
After we returned from our visit to Brussels, the SAFECode board held several discussions of the new EU cybersecurity legislation and our experience with government security certification – what has worked well and what hasn’t, and how to create security certification schemes that are effective for both the users […]


By Steve Lipner, Executive Director, SAFECode
Last week, several of us from SAFECode made a whirlwind visit to Brussels, capital of the European Union. The EU is considering cybersecurity legislation that would create a new EU-wide security certification regime, and we thought it would be helpful to share our experience about what kinds of […]


*First published Dec. 5, 2017, in CSOonline
By Steve Lipner, Executive Director, SAFECode

Figuring out what to tell the developers to do is not as easy as telling them “write secure code.” If they knew how to do that in the first place, the organization probably wouldn’t need a software security program.


*First published Nov. 14, 2017, in TechTarget’s SearchSecurity
By Steve Lipner, Executive Director, SAFECode

Every year, hundreds of thousands of software developers join the workforce without a basic knowledge of security. The burden of educating and training developers on software security is left to the development organizations that hire them.


By Eric Baize, Chairman, SAFECode
Software security is less and less about technology and more and more about culture. I would contend that today, for the most part, we know what it takes to build secure software. What we are struggling with is how to make secure software a reality on a large scale. This […]


*First published Oct. 16, 2017 in CSOonline
By Steve Lipner, Executive Director, SAFECode

Focusing on culture might be the most important thing an organization can do when developing secure software. One of the toughest technical challenges in software security isn’t even technical. It’s cultural. Developers are responsible for making the code secure but, in many cases, have not lived up to their responsibility.


Copyright © 2007-2018 Software Assurance Forum for Excellence in Code (SAFECode) – All Rights Reserved