SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. We created this blog so that we could keep you posted on new developments in software assurance and our ongoing work in this area.
Please note that the opinions expressed in this blog are those of the writer or contributor and do not necessarily reflect the opinions of SAFECode or its member companies.
Steve Lipner, the man behind Microsoft’s Security Development Lifecycle, and SAFECode chairman until his retirement from Microsoft earlier this year has just been inducted into the National Cyber Security Hall of Fame. All of the SAFECode board members have been privileged to work closely with Steve over many years and we all know firsthand that […]READ MORE
Many of you may have heard about the recent debate regarding the U.S. Department of Commerce’s proposed rule to implement the Wassenaar Arrangement 2013 plenary agreement on intrusion and surveillance software (RIN 0694-AG49), as published in 80 Fed. Reg. 28853 on May 20, 2015. The SAFECode community recognizes that the proposed rule was originally meant […]READ MORE
On a recent trip to Washington, DC, I had the opportunity to participate in a series of meetings with policymakers on Capitol Hill and in the Administration to discuss SAFECode’s (Software Assurance Forum for Excellence in Code) role in and commitment to improving software security. If you’re not familiar with SAFECode, I encourage you to […]READ MORE
Last year at RSA, vendors, customers and security experts came together to debate the future of software security assessment. The message was clear: there is a growing frustration over the lack of a widely accepted method for assessing the security of acquired software – and not just from customers, but also from the vendors themselves. […]READ MORE
Today’s post was written by Prof. Howard A. Schmidt. In last week’s State of the Union address, President Obama discussed the importance of increasing protections for both consumers and businesses from cyber threats. Though this is not the first time cybersecurity has been mentioned in a State of the Union address, its inclusion in last week’s […]READ MORE
Today’s post was written by SAFECode Executive Director Howard A. Schmidt. I am pleased to officially welcome Huawei, NetApp, Sonatype and Veracode as SAFECode’s newest members. Each of these companies brings unique perspective and expertise to our efforts and we look forward to working with them. They will join current SAFECode members in collaborative work […]READ MORE
Today, we continue our Meet SAFECode series with an interview with Codenomicon’s Mike Ahmadi. Mike is one of our newer members and we couldn’t be happier to have him as part of our team. Interview with Mike Ahmadi, CISSP, Global Director of Business Development at Codenomicon Q. From the DNS flaw to Heartbleed, we’re seeing […]READ MORE
Today’s post is authored by Prof. Howard A. Schmidt, SAFECode Executive Director Consensus is not easily reached within the information security community. Sure, after spending some time on Twitter it may appear that we all just enjoy a good debate. But it is just as likely a reflection of the complexity of issues we face […]READ MORE
Today, we continue our Meet SAFECode series with an interview with Symantec’s Edward Bonver. Edward not only works with our Technical Leadership Council, but also serves on SAFECode’s Board of Directors. He has played a formative role in projects ranging from our Security Engineering Training by SAFECode Program to our Fundamental Practices for Secure Software […]READ MORE
SAFECode would not be SAFECode without the tireless efforts of our Member volunteers and contributors. At the center of our work is the SAFECode Technical Leadership Council. Comprised of representatives from every member company, this group helps determine which projects SAFECode will tackle, and leads the collaboration and development process that supports selected projects and […]READ MORE