SAFECode members are committed to the following core principles:

Secure development is an organizational commitment and a holistic process

There is no one-size-fits-all approach to software assurance, nor any singular practice or technology that provides a universal solution. 

Despite differences, common secure development practices shared across the industry have proven both practical and effective.

Providing more transparency in software assurance processes and practices helps customers and other key stakeholders manage risk effectively. 

Contributing information about members’ own security processes and practices supports SAFECode’s efforts to advance software assurance and positively impact the security and reliability of the technology ecosystem. 

Software assurance training should become a required part of any software engineering training program. 

SAFECode Members are expected to contribute information about their security processes and practices to the organization’s efforts to advance software assurance methods and positively impact the security and reliability of the technology ecosystem.