SAFECode Blog

Archive for April, 2009

Seeking Comments on Development Practices Recommendations; Released New Paper on Training

Monday, April 20th, 2009

Today is an exciting day for SAFECode – two new announcements, a new blog to talk about them in, and a board of directors meeting.

We have brought our members together for a board meeting at the RSA Conference to hammer out some details on our current projects, plan our future efforts and meet with some members of our International Board of Advisers.  It should be a good day of brainstorming, idea-sharing and networking.

We are also issuing a call for public comments on our paper “Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today.” Based on an analysis of the individual software assurance efforts of SAFECode members, this paper outlines a core set of secure development practices that can be applied across diverse development environments to improve software security.

We’ll be updating the paper in late 2009 and would like to give software security experts outside of our membership a chance to provide comments.  This will not only expand our frame of reference, but will also give those who have put some of the paper’s recommendations into action a chance to provide feedback.  Based on the feedback we have received so far, we really think this paper has the potential to help others in the industry with their own secure development efforts, as well as shed some light for customers on the practical steps leading software companies are taking to help ensure software security.  We believe opening up the paper to experts outside the membership will only make it stronger, and we look forward to seeing the feedback.

So we encourage you to submit your comments – we’ll be accepting them until July 31.  And, if you are at the RSA Conference and would like to learn more about this paper, we’ll be giving an overview in a panel discussion on Wednesday.

We also just released a paper outlining a framework for building a corporate training program on secure software development.  We have found that all of our members have internally developed training programs to support their software assurance programs, so we wanted to see what these programs had in common.  While it is clear that training programs are most effective when they are customized to corporate needs, we were able to uncover a number of fundamental principles that all of our members’ programs share and we hope that providing this insight is useful to anyone who might be thinking about starting their own training initiatives.

I will be at the RSA Conference all week, along with many of our SAFECode members.  Any of us would be happy to answer any questions on SAFECode, so let me know if you want to meet up.

Welcome!

Friday, April 17th, 2009

Welcome to the first SAFECode blog posting, which happens to be my first attempt at blogging, so bear with me.  We decided to create a blog so we could keep you up-to-date on SAFECode activities and hot topics in software assurance.

At SAFECode, we bring very smart people together to work on some tough problems around software assurance.  Every few months we release some of our findings and share them so that our work may benefit others.  However, I am often asked what we are up to in between paper releases.  Hopefully, through this blog I can keep you updated on our work as it progresses.