SAFECode Frequently Asked Questions

What is SAFECode’s Mission?

As a center of excellence for vendor software assurance practices, SAFECode unites subject matter experts with unparalleled experience in managing complex global processes for software sourcing, development and delivery to:

  • Encourage broad industry adoption of proven software security, integrity and authenticity practices
  • Drive clarity into vendor software assurance practices to empower customers and other key stakeholders to better manage risk
  • Foster a trusted exchange of insights that advance software assurance practices

What is Software Assurance?

Software Assurance encompasses a developing set of methods and processes for ensuring that software functions as intended without introducing vulnerabilities, malicious code, or defects that can bring harm to the end user.

What is the Software Assurance Forum for Excellence in Code (SAFECode)?

The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods. SAFECode works to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services.

What does SAFECode do to promote software assurance?

SAFECode unites subject matter experts to identify, analyse and promote best practices based on their real-world experience in implementing, managing and/or supporting product security programs. Some examples of our work include:

  • Development and publication of numerous pieces of practical guidance on key issues in software security, including our flagship publication, “Fundamental Practices for Secure Software Development,” and some of the first industry-developed guidance on software integrity in the supply chain.
  • Management of a community resource for software security training that includes free online security engineering training courses called Security Engineering Training by SAFECode. These courses are designed to be used as building blocks for those looking to create an in-house training program for their product development teams, as well as individuals interested in enhancing their skills.
  • Hosting of numerous information sharing sessions among members that offer a unique opportunity to share information, discuss challenges and learn from industry peers in a trusted environment.

SAFECode publications and programs are not only designed to be helpful to other technology organization looking to improve their own secure development efforts, but also to customer organizations seeking to understand how industry approaches software security. All SAFECode published guidance is free and available via this website.

Is SAFECode a lobbying organization?

SAFECode is neither a standards body nor a lobbying association. Rather it is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods. As a collaborative effort of leading technology companies committed to software assurance excellence, SAFECode provides a forum for subject matter experts to come together to work on some of the most challenging issues faced by the IT industry. There is no single solution or “right way” to address software assurance. Indeed, there are many different ways to succeed. SAFECode provides an opportunity to bring the best methods together in a manner that helps vendors and their customers better manage risk.

Why is SAFECode necessary now?

While individual companies have implemented effective methods for developing and delivering more secure and reliable software, hardware and services, there has been no coordinated, industry-led effort to build upon this positive work and promote best practices to advance software assurance more broadly. SAFECode fills this critical gap by bringing together subject matter experts to: 1) Encourage broad industry adoption of proven software security, integrity and authenticity practices; 2) Drive clarity into vendor software assurance practices to empower customers and other key stakeholders to better manage risk; and 3) Foster a trusted exchange of insights that advance software assurance practices.

Who are SAFECode’s members?

SAFECode membership is open to any organization with a demonstrated commitment to software assurance. We are proud to count some of the world’s largest information and communications technology companies among our members.  See members

How can my organization become a member of SAFECode?

SAFECode is looking for hands-on members who want to benefit from the experiences of others and actively contribute to advancing the art of software assurance. We welcome any organization with a demonstrated commitment to software assurance. If this describes you, then get involved with SAFECode. For more information, please visit our Membership page or contact us at info at safecode.org.

Software Assurance Forum for Excellence in Code (SAFECode) - All Rights Reserved