SAFECode
Frequently Asked Questions

What is SAFECode's Mission?

SAFECode is dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods. To this end, SAFECode unites subject matter experts with unparalleled experience in managing complex global processes for software development, integrity controls and supply chain security. The trusted exchange of insights about proven methods and real world experiences provides SAFECode members a unique opportunity to share collective perspectives and practices that can enhance the greater cyber ecosystem.

What is Software Assurance?

Software Assurance encompasses a developing set of methods and processes for ensuring that software functions as intended without introducing vulnerabilities, malicious code, or defects that can bring harm to the end user.

Why is Software Assurance Important?

Software is everywhere. It controls business systems, critical infrastructure, personal computers and PDAs to name a few. As the global dependence on information and communications technology has grown, users have become increasingly concerned over the integrity, security and reliability of software, hardware and services, especially those in the government, critical infrastructure and enterprise sectors. The number of software vulnerabilities reported to the US CERT increased from dramatically from 1020 in 2000 to 6601 in 2006. Cyber attacks are becoming more stealthy and sophisticated, creating a complex and dynamic risk environment for IT-based operations that users are working to better understand and manage. Similarly, IT vendors have undertaken significant efforts to reduce IT vulnerabilities, improve resistance to attack and protect supply chain integrity.

What is the Software Assurance Forum for Excellence in Code (SAFECode)?

The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods. Founded by EMC Corporation, Juniper Networks, Inc., Microsoft Corporation, SAP AG, and Symantec Corp., SAFECode works to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services.

What does SAFECode do to promote software assurance?

SAFECode works with governments and critical infrastructure owner/operators to: Increase understanding of the secure development methods and integrity controls used by vendors; promote proven software assurance practices among vendors and customers to foster a more trusted ecosystem; identify opportunities to leverage vendor software assurance practices to better manage enterprise risks; foster essential university curriculum changes needed to support the information and communications technology cyber ecosystem; and catalyze action on key research and development initiatives in the area of software assurance.

Is SAFECode just another IT association?

SAFECode is neither a standards body nor a lobbying association. Rather it is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods. As a collaborative effort of leading technology companies committed to software assurance excellence, SAFECode provides a forum for subject matter experts to come together to work on some of the most challenging issues faced by the IT industry. There is no single solution or "right way" to address software assurance. Indeed, there are many different ways to succeed. SAFECode provides an opportunity to bring the best methods together in a manner that helps vendors, governments and critical infrastructures better manage risk.

Why is SAFECode necessary now?

There is an important need (1) to identify and share vendor practices that have been proven to work, (2) promote broader adoption of such practices into the cyber ecosystem, and (3) work with governments/critical infrastructures to leverage vendor practices to manage enterprise risks. While individual companies have implemented effective methods for developing and delivering more secure and reliable software, hardware and services, there has been no coordinated, industry-led effort to build upon this positive work and promote best practices to advance software assurance more broadly. SAFECode fills this critical gap by bringing together subject matter experts to identify and share proven vendor software assurance practices, promote broader adoption of such practices into the cyber ecosystem, and work with governments and critical infrastructure providers to leverage vendor practices to manage enterprise risks.

Who are SAFECode's members?

SAFECode's members are leading information and communications technology companies committed to software assurance. See members

How can my organization become a member of SAFECode?

SAFECode is looking for hands-on members who want to benefit from the experiences of others and actively contribute to advancing the art of software assurance. If that describes you, then get involved with SAFECode. For more information please send an email to inquiries@safecode.org.