Member Information

This section of the website is designed to support current SAFECode members. If your company is a member of SAFECode, feel free to contact our Member Helpdesk for more information on anything you see on this page. Not sure if you are a Member? Check your membership status here. Like what you see on this page but not currently a Member? Learn more about joining the collaboration.

This Month’s Highlights

Greetings members! Spring is nearly here and many activities and initiatives are happening within the organization. Take a look and see what interests you. And if you want us to explore a topic you don’t see listed, give us a shout with your idea here.

SAFECode Member-Only Brown Bag Series

Each month, SAFECode members have the opportunity to learn how their member peers are tackling common challenges in software and supply chain security via SAFECode’s virtual members-only webinar series. All sessions are one hour in length and include plenty of time for Q&A and discussion. Members are welcome to join us live or catch up with what they missed on-demand.

March Session: The IEC-62443-4-1 Standard for Secure Product Development in ICS
Date/Time: March 10 | 11:00 a.m. – 12:00 p.m. EST
IEC 62443 is a series of international standards that addresses the issue of security for industrial automation and control systems (IACS). It covers security during product development, system integration and operation. The presentation will give an introduction to the concepts and focus on the secure product development life cycle according to IEC 62443-4-1 and potential process modelling.
Panelists:
  • Eng. Fabiola Moyón, CISA, CISM, M.Sc. Fabiola is a Security Consultant with the Research and Development Team at Siemens Corporate Technology. She has more than 10 years of experience in the security field both at the technical and management levels. Her main interest is to extend agile methods with practices to ensure compliance with security standards. She works towards pragmatic approaches to implement security standard requirements using DevOps pipelines as enablers. One proof of concept is the analysis of the IEC 62443-4-1 Standard for Secure Development in Industrial Systems and its integration into the Scaled Agile Framework SAFe and Scrum.
  • Dr. Kai Wollenweber, CISSP. Kai is a Product & Solution Security Officer at Siemens Digital Industries. He has more than 20 years of experience in the field of security and safety and has held various positions in the industrial, aerospace and defense domains. He is active in security standardization, regulation and certification and deeply involved in the development and improvement of ISA/IEC 62443. Kai promotes a holistic security concept in which a secure development lifecycle is a key aspect.
For more information on how you can access this session, please email us here. 

RSA Wrap Up 

Thanks to our members who attended RSA, our member-only breakfast, and Steve Lipner’s presentations. As you may know, Steve delivered a talk on Lessons Learned: 50 Years of Mistakes in Cybersecurity, and also participated on a panel with NIST and BSA to discuss Secure Software Development Framework: An Industry and Public Sector Approach; and an additional session on Discussion on Secure Software Development Framework. 

We will let you know once his presentations are available online.

During the RSA meetings, members met and discussed the following topics: Post Quantum Crypto, and Secure Trainings. The Board had a full day strategy meeting, and discussed Supply Chain and Open Source Software. See below for new ways to get involved and share best practices around these topics.

New Working Group

Post Quantum Crypto

As you know, the eventual move toward quantum computing will make some cryptographic algorithms obsolete. While we don’t quite know exactly when this shift will happen, it does raise a need to start thinking about the notion of “crypto-agility,” or the ability to move seamlessly from conventional cryptographic algorithms to the quantum-safe crypto algorithms. Though this discussion may seem focused on a topic for the distant future, SAFECode has been discussing NIST’s current efforts in this area and there are a number of post-quantum algorithm candidates already available for experimentation.

SAFECode’s RSA discussion on crypto-agility will focus primarily on the implications of post-quantum algorithms for developers. Some SAFECode members, including Microsoft, have already begun experimenting in this area and should have some important insights to share. The goal of the discussion is to support SAFECode members in their efforts to build in crypto-agility, as well as define some concrete steps developers can take today to ensure their applications are ready for post-quantum cryptography.

Self Serve Speaker Center

Interested in representing SAFECode as a speaker at an industry event? We welcome this and have created this self-service speaker center to assist in your efforts. We only ask that you represent yourself as a SAFECode member when using these materials and promote and cite SAFECode’s work appropriately. Please visit the Member Portal to find a list of upcoming events and sample speaking abstracts. For questions, please contact us here.

New Fuzzing Series

At SAFECode, we members often compare notes on secure development practices that are proving effective in our individual software security efforts. One of the most commonly cited of these practices is fuzzing. Fuzzing, sometimes referred to as fuzz testing, is an automated software testing technique that involves providing invalid, unexpected, random, or semi-random data as input to a computer program. The program is then monitored for exceptions such as hangs, crashes, failing built-in code assertions, or potential memory leaks.

This Fuzzing series will discuss things such as: what types of fuzzing exist and which one to choose in a specific case; what tools are available for various languages and ecosystems; how and why to fuzz continuously; and, how fuzzing fits into the larger software development lifecycle.

View the series here.

Collaborate with Your Peers at Other Member Companies

SAFECode offers a number of ways for employees of member companies to collaborate with each other. The best way to stay apprised of these opportunities is by joining our Member portal. Our working groups are always open to new members. Take a look below and reach out at [email protected] if you’d like to get involved.

DevSecOps
SAFECode recently teamed up with the Cloud Security Alliance to launch a new working group that will tackle issues related to DevSecOps in pure Cloud environments. The working group will work to create a transparent and comprehensive software development and security management lifecycle that leverages all the components of DevSecOps and Security Champions to ensure timely and full functioning application deployment with security development practices integrated at every stage.

Fuzzing Techniques
With the Fuzzing Working Group within SAFECode, we’re providing a high-level description of what fuzzing is, the various types of fuzzers, and the pros and cons of each. We are also diving deep into what types of data can and should be fuzzed, and how. Furthermore, the Fuzzing Working Group will be shedding some light on the value of fuzzing as well as the issues that can be found and mitigated by applying the proper fuzzing technique.

Personal and Data Privacy
The Personal Data Privacy Group writes about topics concerning the awareness and protection of individual data and data-generating products. Individual user data is essentially digital ore: it can be collected, analyzed, refined, packaged into distinct products, and monetized. The PDP blog is primarily focused on defining the elements of consumer digital footprints, and effective strategies to protect and secure that data. Personal Data Privacy is also an ethical and legal responsibility on behalf of consumers in the enterprise. Monthly, PDP explores the landscape of data topics from consumer IoT to data aggregation and corporate data stewardship.

Security Trainings
Are you interested in expanding your training curriculum? SAFECode identifies and promotes best practices for developing and delivering more secure and reliable software, hardware and services. One of SAFECode’s missions is to create a solid base of foundation security knowledge across a product team utilizing the free software security training provided by SAFECode. Join this discussion group to share best practices and delve into how SAFECode can provide a skills path framework which would further the knowledge and training across member product teams.

Is your company a Member and you have an idea for collaboration you don’t see here? Contact us today and we’ll give you the details on how to submit new project, event, and working group ideas.

Member Helpdesk

SAFECode Members can contact our Member Helpdesk for information on event sign-ups, working group opportunities, and any other questions they may have. For more specific inquiries, see below.

SAFECode Technical Leadership Council
The Technical Leadership Council (TLC) meets monthly and is comprised of representatives from each SAFECode member. Its main objective is to drive SAFECode’s technical work – helping to launch and support small member groups focused on identifying and analyzing common best practices around various software security topics, and providing ongoing opportunities for members to learn from one another on software security issues and challenges. To reach the TLC, contact: [email protected]

SAFECode Marketing and Events
Looking to collaborate with SAFECode on an upcoming event or marketing initiative? Have a question about a recent promotion? SAFECode’s marketing and events team is always interested in hearing from our members. You can reach us here: [email protected]

SAFECode Board of Directors
Need to reach our leadership team? The SAFECode Board of Directors is comprised of members from each of our Charter member companies and meets each month. You can reach them by contacting: [email protected]

SAFECode Technical Support
Having trouble with the SAFECode collaboration portal? See an issue on the website? Our Member Helpdesk can help: [email protected]

Copyright © 2007- Software Assurance Forum for Excellence in Code (SAFECode) – All Rights Reserved