Uncategorized

By Steve Lipner, Executive Director, SAFECode

Last week, several of us from SAFECode made a whirlwind visit to Brussels, capital of the European Union. The EU is considering cybersecurity legislation that would create a new EU-wide security certification regime, and we thought it would be helpful to share our experience about what kinds of […]

*First published Dec. 5, 2017, in CSOonline
By Steve Lipner, Executive Director, SAFECode

Figuring out what to tell the developers to do is not as easy as telling them “write secure code.” If they knew how to do that in the first place, the organization probably wouldn’t need a software security program. But almost all developers went through college computer science or software engineering programs that teach little about software security.

*First published Nov. 14, 2017 in TechTarget’s SearchSecurity
By Steve Lipner, Executive Director, SAFECode

Every year, hundreds of thousands of software developers join the workforce without a basic knowledge of security. The burden of educating and training developers on software security is left to the development organizations that hire them.

By Eric Baize, Chairman, SAFECode

Software security is less and less about technology and more and more about culture. I would contend that today, for the most part, we know what it takes to build secure software. What we are struggling with is how to make secure software a reality on a large scale. This […]

*First published Oct. 16, 2017 in CSOonline
By Steve Lipner, Executive Director, SAFECode

Focusing on culture might be the most important thing an organization can do when developing secure software. One of the toughest technical challenges in software security isn’t even technical. It’s cultural. Developers are responsible for making the code secure but, in many cases, have not lived up to their responsibility.

By Carol Clark, Director of Marketing, SAFECode

Eric Baize believes culture is an essential part of human society. But the SAFECode Chairman and Vice President, Product Security at Dell EMC is not talking about poetry or opera. Instead, Baize will be representing SAFECode and discussing culture as it relates to software development. During his keynote […]

During a wide-ranging interview on a recent episode of “Security Weekly” – a security podcast hosted by Paul Asadoorian – SAFECode’s Steve Lipner discussed how organizations and developers can take advantage of SAFECode’s new threat modeling and third party component best practices white papers. Here are some of Steve’s insights from the discussion. To hear […]

Izar Tarandach & Brook S.E. Schoenfield

A couple of years ago I was engaging a new team into our Secure Development Life cycle (SDL) process. One of the initial activities is Threat Modeling, and in discussion with a product architect, I was asked, “We have a working design here, and now you want to come […]

By Eric Baize, Chairman of the Board, SAFECode

SAFECode members crowded into Jillian’s directly across from the Moscone Center in San Francisco on February 15, 2017 for SAFECode’s Second Annual RSA Conference Breakfast. Seventeen SAFECode members were honored with recognition awards for their work at the event on four white papers that are currently […]

Recent security incidents exploiting weaknesses in Internet of Things (IoT) devices have demonstrated that software assurance is no longer just an issue for traditional information technology suppliers and end user organizations. Here’s why:

Recent attacks have shown that connected devices can be exploited to launch large scale attacks

Connected Internet-of-Things (IoT) devices cannot hide their […]

Software Assurance Forum for Excellence in Code (SAFECode) - All Rights Reserved