SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. We created this blog so that we could keep you posted on new developments in software assurance and our ongoing work in this area.
Please note that the opinions expressed in this blog are those of the writer or contributor and do not necessarily reflect the opinions of SAFECode or its member companies.
By Kristian Beckers, Siemens and John Martin, Boeing with Nick Ozmore, Veracode
This is the third post in SAFECode’s Month of Champions series on building and sustaining a successful Security Champions program. See here for Part One: Start 2019 Strong: Join SAFECode for Our Month of Champions and here for Part Two: Building Secure Software: It Takes a Champion.READ MORE
By: Vishal Asthana, Security Compass (former); Manuel Ifland, Siemens; John Martin, Boeing; Altaz Valani, Security Compass; Tania Ward, Dell; Nick Ozmore, Veracode; Kristian Beckers, Siemens
Organizations and their development teams often struggle with scaling their Secure Development Lifecycle (SDL) efforts. This is typically due to one or more reasons.
By Stacy Simpson, SAFECode
At SAFECode, we are always looking for common themes among our members that lead to successful software security outcomes.
Eric Baize, SAFECode Chairman
Last week, I had the honor of presenting a keynote at the International Common Criteria Conference in Amsterdam.
By: Steve Lipner, Executive Director, SAFECode
This week, the UK Government’s Department for Digital, Culture, Media and Sport (DCMS) released a Code of Practice for the secure design of internet-connected consumer devices and their associated services.
Over 150 security development professionals participated in an event sponsored in part by SAFECode recently in Cambridge, MA steps from the Massachusetts Institute of Technology.READ MORE
Tania Skinner, Intel
Understanding the fundamentals of secure development and where to start is the message I delivered to an audience of software quality engineers, developers, testers and more at the Pacific Northwest Software Quality Conference (PNSQC). My technical presentation titled “Security Tsunami! SDL Fundamentals and Where to Start” was delivered October 8, 2018 in Portland, Oregon.
Tania Skinner, Product Security Strategist, Intel Corporation provides an overview of the guide, its contents and how to use it in this seven-minute podcast.READ MORE
By: Altaz Valani, Research Director, Security Compass
At the IEEE Cybersecurity Development Conference in Cambridge, Mass on October 2nd, I will deliver my presentation “Rethinking Secure DevOps Threat Modeling: The Need for a Dual Velocity Approach” to an audience of cyber professionals.