ABOUT SAFECode
The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. Its members include Adobe, CA Technologies, EMC Corporation, Intel Corporation, Microsoft Corp., SAP AG, Siemens AG, and Symantec Corp.
Brad Arkin is the Chief Security Officer for Adobe. Arkin leads the Adobe Secure Software Engineering Team (ASSET) responsible for ensuring Adobe's products are designed, engineered and validated using security best practices, as well as the Product Security Incident Response Team (PSIRT) dedicated to responding to and communicating about security issues. He also manages the Engineering Infrastructure Security team that builds and maintains security-critical internal services such as code signing and build environments. Arkin also oversees the Corporate Standards Group responsible for coordinating Adobe’s involvement with standards bodies such as the International Organization for Standardization (ISO) and the World Wide Web Consortium (W3C), as well as the open source and accessibility teams.
Prior to joining Adobe, Arkin held management positions at StepNexus, Symantec, @Stake and Cigital.
Arkin is currently a board member of SAFECode, the Software Assurance Forum for Excellence in Code. He is also a member of the BSIMM (Building Security In Maturity Model) advisory board, the SAP Security Advisory Board, and the customer advisory boards for security consultancy iSec Partners and security tools vendor Veracode.
Arkin holds a BS in computer science from the College of William and Mary, an MS in computer science from George Washington University, and an MBA from Columbia University and London Business School.
Adobe is changing the world through digital experiences. For more information, visit www.adobe.com.
Eric Baize leads EMC’s Product Security Office with company-wide responsibility for product security assurance, covering vulnerability response handling, security development lifecycle implementation and coordination of security certifications. He also represents EMC on SAFECode’s Board of Directors. Additionally, Mr. Baize leads RSA’s product strategy for securing virtual and physical infrastructures.
Previously, Mr. Baize pioneered EMC’s push towards security. He was a founding member of the leadership team that defined EMC’s vision of information-centric security, and which drove the acquisition of RSA Security and Network Intelligence in 2006.
Prior to joining EMC, Mr. Baize held various positions for Groupe Bull in Europe and in the US where he was successively the security architect, product manager and director of security strategy, responsible for the company’s security product line.
Mr. Baize holds an M.S. degree in Computer Science from Ecole Nationale Supérieure des Télécommunications in Brest, France, and is a Certified Information Security Manager (CISM) by the Information Systems Audit and Control Association (ISACA). He is the holder of a US patent, an author of international security standards and a regular speaker at security conferences in the US and Europe.
David Doughty is the Director of Product Security Engineering at Intel Corporation. In 2003 he led the formation of Intel’s security assurance initiative. Mr. Doughty drove the creation of robust programs to prevent the introduction, detect the presence and respond to vulnerabilities in all Intel products and services. He is currently a board member of SAFECode, the Software Assurance Forum for Excellence in Code.
Prior to joining Intel in 1997, Mr. Doughty worked in the Design Automation Industry where he led the development of commercial and proprietary tools to support the design and validation of semiconductors.
Mr. Doughty earned his Bachelor’s degree in Computer Engineering from the University of California, San Diego.
Steven B. Lipner is Partner Director of Program Management at Microsoft Corp where he is responsible for programs that provide improved product security for Microsoft customers. Lipner leads Microsoft’s Security Development Lifecycle (SDL) team and is responsible for the definition of Microsoft’s SDL and for programs to make the SDL available to organizations beyond Microsoft.
Lipner joined Microsoft in 1999. In late 2001, Lipner and his team devised the strategy of “security pushes” that, as part of the Trustworthy Computing initiative, enabled Microsoft to make rapid improvements in the security of its software and to change the corporate development culture to emphasize product security. The SDL is the product of these improvements, and is widely viewed as the industry’s leading secure software development process.
Before joining Microsoft, Lipner worked for a variety of software vendors and government contractors as a researcher, consultant, development manager and general manager in IT security. Many of the concepts whose development he led form the basis for today’s approaches to building secure systems.
Lipner is coauthor with Michael Howard of The Security Development Lifecycle (Microsoft Press, 2006) and is named as inventor on twelve U.S. patents and two pending applications in the field of computer and network security. He served two terms on the United States Information Security and Privacy Advisory Board and its predecessor. Lipner holds S.B. and S.M. degrees from the Massachusetts Institute of Technology and attended the Harvard Business School’s Program for Management Development.
Frances Paulisch drives cross-company initiatives related to software and to IT security for products and solutions. These activities include strategic topics, best practice sharing, reporting, and training. A main focus of her work is empowering cross-functional teams to work together well over the whole development lifecycle, in particular with a focus on how to realize not only the set of features but also other relevant attributes such as performance, security, scalability, etc. At Siemens she has driven the development of a role-based "Software Curriculum" qualification program which is established as one of the global core learning programs at Siemens. Dr. Paulisch has over 20 years of experience in software engineering and management areas.
She is also an active member of the global software engineering community, playing an active role in various major software conferences such as the International Conference on Software Engineering. She is also Chair of the Advisory Board of the IEEE Software magazine.
She received her doctorate in software engineering at the University of Karlsruhe in Germany and her Masters in Computer Science at Purdue University.
Gary Phillips is a Senior Director of Technology Assurance in the Office of the CTO for Symantec Corporation and is a member of SAFECode’s Board of Directors. In his position at Symantec, Mr. Phillips manages a diversity of responsibilities, including open source operations and strategy, product security, interactions with all standards bodies, standards compliance, shared development tool investigations, shared code management, technology control planning and software supply chain management.
Prior to joining Symantec, Mr. Phillips held several senior management and technology leadership positions for Compaq, Schlumberger, Western Geophysical, and Fairchild. He is also currently a member of the Storage Networking Industry Association (SNIA) board of directors, the International Committee for IT Standards (INCITS) executive board, the Software and Information Industry Association software board, and the board of directors for IT-ISAC.
Mr. Phillips earned his Bachelor’s degree in Computer Science from the Georgia Institute of Technology and attended graduate school at the University of South Florida and the University of Houston. LinkedIn: http://www.linkedin.com/in/glphillips
Howard Schmidt serves as a partner in the strategic advisory firm Ridge Schmidt Cyber, an executive services firm that helps leaders in business and government navigate the increasing demands of cybersecurity. He serves in this position with Tom Ridge, the first secretary of the Department of Homeland Security. He also serves as executive director of The Software Assurance Forum for Excellence in Code (SAFECode).
Howard A. Schmidt brings together talents in business, defense, intelligence, law enforcement, privacy, academia and international relations, gained from a distinguished career spanning 40 years. He served as Special Assistant to the President and the Cybersecurity Coordinator for the federal government. In this role, Mr. Schmidt was responsible for coordinating interagency cybersecurity policy development and implementation, and for coordinating engagement with federal, state, local, international, and private sector cybersecurity partners.
Previously, Mr. Schmidt was the President and CEO of the Information Security Forum (ISF). Before ISF, he served as Vice President and Chief Information Security Officer and Chief Security Strategist for eBay Inc., and formerly operated as the Chief Security Officer for Microsoft Corp. He also served as Chief Security Strategist for the US-CERT Partners Program for the Department of Homeland Security. Mr. Schmidt also brings to bear over 26 years of military service. Beginning active duty with the Air Force, he later joined the Arizona Air National Guard. With the AF he served in a number of military and civilian roles culminating as Supervisory Special Agent with the Office of Special Investigations (AFOSI). He finished his last 12 years as an Army Reserve Special Agent with Criminal Investigation Division’s (CID) Computer Crime Unit, all while serving over a decade as a police officer with the Chandler Police Department.
Mr. Schmidt holds a bachelor’s degree in business administration (BSBA) and a master’s degree in organizational management (MAOM) from the University of Phoenix. He also holds an Honorary Doctorate degree in Humane Letters. Howard was an Adjunct Professor at GA Tech, GTISC, Professor of Research at Idaho State University and Adjunct Distinguished Fellow with Carnegie Mellon’s CyLab and a Distinguished Fellow of the Ponemon Privacy Institute.
Howard is a Ham Radio operator (W7HAS), private pilot, outdoorsman and avid Harley-Davidson rider. He is married to Raemarie J. Schmidt, a forensic scientist and researcher, and instructor in the field of computer forensics. Together, they are proud parents, and happy grandparents.
Stacy Simpson is the policy and communications director for the Software Assurance Forum for Excellence in Code (SAFECode) and a consultant to Virtual, Inc. In this role, she manages all facets of the organization’s operations and works across its membership to lead key industry initiatives. She also serves as editor for its publications and as one of the organization’s main spokespeople. Stacy brings nearly 12 years of experience in the information security industry to SAFECode, including expertise in association management, strategic communications and government outreach.
Previously, she served as a Director in the Cyber Risk Practice at Good Harbor Consulting, a global strategic risk management consulting firm. While there, she was responsible for the management of Good Harbor’s Cyber Risk Practice team, and provided strategic guidance to clients on developing effective cyber security programs and navigating the federal government’s policies related to cyberspace.
Prior to Good Harbor, Stacy led the Security Practice for technology public relations firm Merritt Group. In that role, she led strategic communications activities for the Cyber Security Industry Alliance, a public policy association representing the information security industry in Washington and Brussels. She also developed and managed communications activities for numerous information-security industry leaders including Check Point Software Technologies, Qualys, Secure Computing, SPI Dynamics and Pointsec Mobile Technologies. Prior to joining Merritt Group, she spent more than three years at FitzGerald Communications where she managed most of the firm’s security-related business.
Stacy began her career at Waterford Public Relations where she executed grassroots outreach campaigns in support of large commercial real estate development projects. She holds a B.A. in Public Relations/Advertising from Penn State University.
+1 781-876-8833
stacy at safecode.org