Finally catching up after the RSA Conference. It was a fantastic week for SAFECode, which we kicked off with a board of directors meeting. The board discussed some exciting projects we’ve planned for the next few months on issues such as software integrity in the global supply chain, measurability and software assurance R&D, and I am looking forward to sharing more details on these as they progress.
Another highlight of the conference was our panel discussion around our paper on Fundamental Practices for Secure Development. We had a expert group of speakers representing some of our member companies: Steve Lipner, Microsoft; Reeny Sondhi, EMC; Wesley Higaki, Symantec; Gunter Bitz, SAP; and Paul Kurtz, our executive director who moderated the discussion. And while the panelists were great, it was really the audience feedback that made the experience so rewarding.
After the discussion, members of the audience thanked us for the paper and presentation and let us know that they had started implementing our recommendations in their own efforts. This feedback from actual practitioners meant a lot because it demonstrates that we are having the impact we hope to achieve with this work. Our members are sharing the lessons they have learned from their own secure development efforts so that we can help others in the industry start or refine their own internal software assurance programs. Hearing first hand that others are finding practical value from these efforts further strengthens our commitment to sharing our experiences and continuing to refine and update our development practices paper.
In fact, in an effort to keep the paper as relevant and useful as possible, we are currently accepting feedback on its recommendations via an online comment process. If you have worked to implement some of our methods or have ideas of your own, we’d love to hear from you.