FOR IMMEDIATE RELEASE

SAFECode Seeks Public Comment on Guide to Secure Development Practices

Arlington, Va. and San Francisco (RSA Conference) – April 20, 2009 – The Software Assurance Forum for Excellence in Code (SAFECode), a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods, today issued a call for comments on its “Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today.”

Originally released in October 2008, the paper outlines a core set of secure development practices that can be applied across diverse development environments to improve software security. Due to the positive response to the paper’s publication, as well as the rapidly evolving information security environment, SAFECode will be releasing an updated version in late 2009. SAFECode is offering experts outside of its membership an opportunity to provide input into the paper’s next version in its continued effort to make the recommendations as useful and relevant as possible.

“SAFECode’s paper on development practices was based on a detailed analysis of the real world experience of its members. Opening the paper to contributions by experts outside of our membership will not only expand our frame of reference, but also enable us to include feedback from those who have worked to put the original paper’s practices into action,” said Paul Kurtz, Executive Director of SAFECode.

The brief and highly actionable paper describes each identified security practice across the software development lifecycle – Requirements, Design, Programming, Testing, Code Handling and Documentation – and offers implementation advice based on the experiences of SAFECode members.

To submit your comments, please visit www.safecodedev.wpengine.com. SAFECode will be accepting comments until July 31, 2009.

About SAFECode
The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. Its members include EMC Corporation, Juniper Networks, Inc., Microsoft Corp., Nokia, SAP AG and Symantec Corp. For more information, please visit www.safecodedev.wpengine.com.

Product and service names mentioned herein are the trademarks of their respective owners.

###

Send Comments on Development Practices