Over 150 security development professionals participated in an event sponsored in part by SAFECode recently in Cambridge, MA steps from the Massachusetts Institute of Technology.READ MORE
By: Altaz Valani, Research Director, Security Compass
At the IEEE Cybersecurity Development Conference in Cambridge, Mass on October 2nd, I will deliver my presentation “Rethinking Secure DevOps Threat Modeling: The Need for a Dual Velocity Approach” to an audience of cyber professionals.
By: Steve Lipner, Executive Director, SAFECode
Large organizations have benefited from establishing and adopting Security Development Lifecycle (SDL) processes as a key component of their approach to delivering secure software. Many of these organizations have hundreds or even thousands of developers, and significant resources to devote to creating and operating an SDL. But what about the smaller organizations whose teams and resources are limited? They too have access to resources that can help them to adopt an SDL capable of delivering the level of software security their customers expect.
By Tania Skinner, Product Security Strategist, Intel Corporation The Managing Security Risks Inherent in the Use of Third-party Components White Paper is now available. Below is a brief preview of the document. I encourage you to download it and share it with your colleagues. The use of third-party components (TPCs), including open source software (OSS) […]READ MORE
By Steve Lipner and Eric Baize After every news cycle involving major technology players and zero-day vulnerabilities in the products or services they provide, suspicious comments questioning technology players’ commitment to software security assurance inevitably seem to resurface. The recent Wikileaks release of documents allegedly from the CIA describing zero-day exploits in major online services […]READ MORE
The SAFECode board and members join the cybersecurity community in mourning the loss of Howard Schmidt as an industry pioneer, colleague, collaborator, and friend. Howard’s contributions to the cybersecurity community have been recognized in many ways, most recently by his receiving the 2017 Award for Excellence in the Field of Information Security. The SAFECode members […]READ MORE
We are pleased to formally announce the availability of SAFECode Associate Membership. Through this change, SAFECode membership is now open to any organization with a demonstrated commitment to software assurance, expanding the membership beyond commercial technology providers for the first time in our history. This marks an exciting and significant milestone for SAFECode and we […]READ MORE
I just wanted to share a quick update on the Security Engineering Training by SAFECode program. Thank you to everyone who contacted us with feedback over the past few weeks. We are very happy to learn that you are finding the training material helpful. Based on your feedback, we have added the capability to download […]READ MORE
Today has been a really exciting day for SAFECode. I am writing from our table at the Security Development Conference, a great event focused on implementing the latest in security development techniques and processes. Howard had the honor of helping kick off the conference with one of the morning keynotes, and discussed the important role […]READ MORE
Following up on the announcement today that Adobe Systems Incorporated has joined SAFECode, I interviewed Brad Arkin, who will be serving as Adobe’s representative on SAFECode’s Board of Directors. Brad Arkin is the director of Product Security and Privacy at Adobe, where he is responsible for cross-company coordination and initiatives related to security and privacy. […]READ MORE