SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. We created this blog so that we could keep you posted on new developments in software assurance and our ongoing work in this area.
Please note that the opinions expressed in this blog are those of the writer or contributor and do not necessarily reflect the opinions of SAFECode or its member companies.
*First published Oct. 16, 2017 in CSOonline
By Steve Lipner, Executive Director, SAFECode
Focusing on culture might be the most important thing an organization can do when developing secure software. One of the toughest technical challenges in software security isn’t even technical. It’s cultural. Developers are responsible for making the code secure but, in many cases, have not lived up to their responsibility.
By Eric Baize, Chairman, SAFECode
Software security is less and less about technology and more and more about culture. I would contend that today, for the most part, we know what it takes to build secure software. What we are struggling with is how to make secure software a reality on a large scale. This […]
By Carol Clark, Director of Marketing, SAFECode
Eric Baize believes culture is an essential part of human society. But the SAFECode Chairman and Vice President, Product Security at Dell EMC is not talking about poetry or opera. Instead, Baize will be representing SAFECode and discussing culture as it relates to software development. During his keynote […]
During a wide-ranging interview on a recent episode of “Security Weekly” – a security podcast hosted by Paul Asadoorian – SAFECode’s Steve Lipner discussed how organizations and developers can take advantage of SAFECode’s new threat modeling and third party component best practices white papers. Here are some of Steve’s insights from the discussion. To hear […]
Izar Tarandach & Brook S.E. Schoenfield
A couple of years ago I was engaging a new team into our Secure Development Life cycle (SDL) process. One of the initial activities is Threat Modeling, and in discussion with a product architect, I was asked, “We have a working design here, and now you want to come […]
By Tania Skinner, Product Security Strategist, Intel Corporation
The Managing Security Risks Inherent in the Use of Third-party Components White Paper is now available. Below is a brief preview of the document. I encourage you to download it and share it with your colleagues. The use of third-party components (TPCs), including open source software (OSS) […]
By Steve Lipner and Eric Baize
After every news cycle involving major technology players and zero-day vulnerabilities in the products or services they provide, suspicious comments questioning technology players’ commitment to software security assurance inevitably seem to resurface. The recent Wikileaks release of documents allegedly from the CIA describing zero-day exploits in major online services […]
The SAFECode board and members join the cybersecurity community in mourning the loss of Howard Schmidt as an industry pioneer, colleague, collaborator, and friend. Howard’s contributions to the cybersecurity community have been recognized in many ways, most recently by his receiving the 2017 Award for Excellence in the Field of Information Security. The SAFECode members […]
By Eric Baize, Chairman of the Board, SAFECode
SAFECode members crowded into Jillian’s directly across from the Moscone Center in San Francisco on February 15, 2017 for SAFECode’s Second Annual RSA Conference Breakfast. Seventeen SAFECode members were honored with recognition awards for their work at the event on four white papers that are currently […]
Recent security incidents exploiting weaknesses in Internet of Things (IoT) devices have demonstrated that software assurance is no longer just an issue for traditional information technology suppliers and end user organizations. Here’s why: Recent attacks have shown that connected devices can be exploited to launch large scale attacks Connected Internet-of-Things (IoT) devices cannot hide their […]