3rd Edition Releases Guidance Updates and Adds Security Best Practices to Reflect Current and New Considerations in Areas of Third-Party Components, Security Issue Management and Vulnerability Response and Disclosure. 

Wakefield, Mass. – March 29, 2018 – The Software Assurance Forum for Excellence in Code (SAFECode) announced today the publication of the Fundamental Practices for Secure Software Development: Essential Elements of a Secure Development Life Cycle Program (Third Edition).

The authoritative best practices guide was written by SAFECode members to help software developers, development organizations and technology users initiate or improve their software assurance programs and encourage the industry-wide adoption of fundamental secure development practices.   The best practices in the guide apply to cloud-based and online services, shrink-wrapped software and database applications, as well as operating systems, mobile devices, embedded systems and devices connected to the Internet.


“As the threat landscape and attack methods continue to evolve, so too have the processes, techniques and tools to develop secure software. Fundamental Practices for Secure Software Development is an essential guide to help address these threats.  It is considered by many in the industry as a go-to resource for secure software development best practices,” said Steve Lipner, executive director, SAFECode.  “Much has changed and been learned over the last few years and the third edition includes many new updates and additional content.”

Significant revisions in this edition include specific guidance on secure development techniques, guidance on critical security features, the relationship of the security response process to secure development and considerations for planning and implementation of a successful Secure Development Lifecycle (SDL) program.

The guide is based on the experience of companies that build software used by many millions and in some cases billions of users and are applicable to organizations of all sizes in evolving secure software development. The best practices identified in this document are currently practiced among SAFECode members including Dell EMC, Microsoft, Intel, Adobe, Symantec, Siemens AG and CA Technologies, a testament to their ability to be integrated and adapted into a wide variety of real-world development environments.

About SAFECode

The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. Its members include Adobe Systems Incorporated, CA Technologies, Dell EMC, Intel Corporation, Microsoft Corp., SAP AG, Siemens AG and Symantec Corp. For more information, please visit www.safecodedev.wpengine.com.

For further information:

Bob Olson, SAFECode Public Relations
+1 781-876-8839
[email protected]