By Steve Lipner, SAFECode

Welcome to San Francisco! SAFECode is excited to participate in this year’s RSA Conference and we look forward to connecting with our members and others in the cybersecurity community. If you are a SAFECode member, we hope to see you at our Annual Member Breakfast on Wednesday. In addition to offering plenty of time for informal networking, the breakfast provides a great opportunity to get an update on current and planned SAFECode projects. It is not too late to register.

Below is a quick rundown of where you can find us this week. If you were not able to make the trip to San Francisco, you can always catch us on Twitter or LinkedIn to see what we are working on.


Tuesday, 25 February: Lessons Learned: Fifty Years of Mistakes in Cybersecurity 

RSA Conference Session

2:20-3:10 PM at Moscone West *Full Conference Pass Required

Speaker: Steven Lipner, SAFECode Executive Director

For over 50 years, Steven Lipner has led a lot of security projects that he thought would change the world. Many of them crashed and burned at great cost in money and reputation. There were common threads including reliance on government claims about the market and on minimal secure systems built from scratch. This talk will describe some failures, some lessons learned the hard way, and how they paid off.


Tuesday, 25 February: NIST Workshop on the Secure Software Development Framework

4:00 – 5:00 PM at Marriott Marquis, 780 Mission Street, San Francisco 

Building on SAFECode’s secure development best practices publications, the BSA Framework for Secure Software, and other industry practices, the National Institute of Standards and Technology (NIST) has developed a secure software development framework (SSDF), recommending a core set of high-level secure software development practices to be added to any SDLC implementation. The paper documenting the framework facilitates communications about secure software development practices amongst business owners, software developers, project managers and leads, and cybersecurity professionals within an organization. 

Please join BSA, NIST, SAFECode and industry panelists in a one-hour session at the RSA Conference in San Francisco on Tuesday, February 25, from 4:00 pm to 5:00 pm to learn about SSDF practices.

Questions about this session should be directed to [email protected].

*Please note: Session is open to all and RSA Conference registration is not required to attend, but seating is limited and advance registration is required. Register here


Wednesday 26 February: Annual SAFECode Member Breakfast

7:00 to 8:30 AM at Table Top Tap House, 175 4th St., San Francisco, California.

Take time out of your busy conference schedule to connect or reconnect with your SAFECode peers and enjoy breakfast before starting the day at RSA. ALL Members Welcome! Register here.


Thursday 27 February: Secure Software Development Framework: An Industry and Public Sector Approach

RSA Conference Session

9:20 to 10:10 AM at Moscone West *Full Conference Pass Required

Speakers: Steve Lipner, SAFECode Executive Director; Donna Dodson, Chief Cybersecurity Advisor, NIST; Tommy Ross, Senior Director, Policy, BSA; Adam Sedgewick, Senior IT Policy Advisor, NIST

NIST, SAFECode and BSA will discuss a new NIST document that presents a framework of practices aimed at helping regulated industries mitigate the risk of software vulnerabilities. The document is based on industry secure software development practices and targets software producers and consumers. International and industry sector-specific policies, regulations and mandates are highlighted.

——

In addition to these events, we’ll also be holding a Board of Directors meeting and hosting several working group meetings throughout the week. If you’d like to learn more about these sessions or SAFECode in general, reach out here.

Have a great conference week everyone!