SAFECode Members have a shared commitment to the following Principles:
- That technology providers should have a demonstrated commitment to software assurance and an active secure software development process. Further, that secure development is an organizational commitment and holistic process.
- That there is no one-size-fits-all approach to software assurance, nor any singular practice or technology that provides a universal solution. The specifics of secure development will vary from one organization to another depending on the organization’s products, culture, customer requirements and technical focus.
- That despite necessary differences from organization to organization, many common secure development practices have been shared across the industry that have proven both practical and effective. There is significant ongoing value in identifying, advancing and broadly promoting these practices.
- That developers should work towards providing more transparency in software assurance processes and practices to help customers and other key stakeholders manage risk effectively.
Finally, SAFECode Members are expected to contribute information about their security processes and practices to the organization’s efforts to advance software assurance methods and positively impact the security and reliability of the technology ecosystem.