SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. We created this blog so that we could keep you posted on new developments in software assurance and our ongoing work in this area.
Please note that the opinions expressed in this blog are those of the writer or contributor and do not necessarily reflect the opinions of SAFECode or its member companies.
Recent security incidents exploiting weaknesses in Internet of Things (IoT) devices have demonstrated that software assurance is no longer just an issue for traditional information technology suppliers and end user organizations. Here’s why: Recent attacks have shown that connected devices can be exploited to launch large-scale attacks. Connected Internet-of-Things (IoT) devices cannot hide their […]
All of us at SAFECode are looking forward to working with our new Executive Director Steve Lipner, appointed December 1, 2016. While all of the SAFECode board members have been privileged to work closely with Steve over many years, we thought you’d enjoy learning more about him. We took a moment to ask Steve a […]
Five SAFECode board members visited Washington DC earlier this month and met with representatives of the US Federal government interested in cybersecurity. With the growing awareness amongst policy makers of the importance of software security assurance and its critical role in cybersecurity, it is important to further educate policy makers on this complex issue and […]
(By Vishal Asthana – firstname.lastname@example.org) Most organizations either have their own central security teams or rely on external security consultants for building and rolling out AppSec programs. As a starting point, a couple of cooperative development teams are selected for a “pilot rollout”. Upon seeing successful implementation results from a subset of the pilot candidates (development teams), the security […]
On March 2nd, during the RSA Conference, SAFECode honored Steve Lipner, who stepped down as the Chairman of SAFECode in 2015 when he retired from Microsoft. First to honor Steve was Glenn Pittaway, a Senior Director at Microsoft in the area of assurance, and SAFECode Board Member. Glenn has worked closely with Steve at […]
(By Eric Baize, SAFECode Chairman and Senior Director, Product Security and Trusted Engineering for EMC Corporation) 2016 is off to a fast start for our industry and it is no different for SAFECode. It is possible that there has been no more important time than now to focus on software security assurance. Software has become so […]
Today’s post is authored by Prof. Howard A. Schmidt, SAFECode Executive Director. Today’s news of the availability of our Principles for Software Assurance Assessment is a key milestone and deliverable in SAFECode’s mission to increase trust in information and communications technology products and services through the advancement of proven software assurance methods. The key benefits […]
Steve Lipner, the man behind Microsoft’s Security Development Lifecycle and SAFECode chairman until his retirement from Microsoft earlier this year, has just been inducted into the National Cyber Security Hall of Fame. All of the SAFECode board members have been privileged to work closely with Steve over many years and we all know firsthand that […]
Many of you may have heard about the recent debate regarding the U.S. Department of Commerce’s proposed rule to implement the Wassenaar Arrangement 2013 plenary agreement on intrusion and surveillance software (RIN 0694-AG49), as published in 80 Fed. Reg. 28853 on May 20, 2015. The SAFECode community recognizes that the proposed rule was originally meant […]
On a recent trip to Washington, DC, I had the opportunity to participate in a series of meetings with policymakers on Capitol Hill and in the Administration to discuss SAFECode’s (Software Assurance Forum for Excellence in Code) role in and commitment to improving software security. If you’re not familiar with SAFECode, I encourage you to […]