SAFECode Driving Security and Integrity

PAPERS

 
Practices for Secure Development of Cloud Applications

SAFECode and the Cloud Security Alliance (CSA) Release Guidance for the Secure Development of Cloud Applications
SAFECode and CSA partnered to determine whether additional software security guidance was needed to address unique threats to cloud computing and, if so, to identify specific security practices in the context of identified threats. This report represents the product of that collaboration and is intended to help readers better understand and implement best practices for secure cloud software development.

http://www.safecode.org/publications/SAFECode_CSA_Cloud_Final1213.pdf 2.27M

 
Guidance for Agile Practitioners

SAFECode Releases Software Security Guidance for Agile Practitioners
This paper provides practical software security guidance to Agile practitioners in the form of security-focused stories and security tasks they can easily integrate into their Agile-based development environments. SAFECode has also made available quick reference guides from the paper for download.

http://www.safecode.org/publications/SAFECode_Agile_Dev_Security0712.pdf 1.5M
http://www.safecode.org/publications/SAFECode_Agile_Section2b-tables.pdf 735K
http://www.safecode.org/publications/SAFECode_Agile_Section3-tables.pdf 730K
http://www.safecode.org/publications/SAFECode_Agile_Section2a-tables.pdf 1.4M

 
Interpreting the BSIMM

A SAFECode Perspective on Leveraging Descriptive Software Security Initiatives
This brief paper provides SAFECode's perspectives on the BSIMM and addresses the questions that we often get about how our guidance relates to the data released through the BSIMM effort.

http://www.safecode.org/publications/SAFECode_Interpret_BSIMM1111.pdf 788K

 
Fundamental Practices for Secure Software Development 2nd Edition

Report Provides Foundational Set of Secure Development Practices Based on an Analysis of the Real-World Actions of SAFECode Members
The report is intended to help others in the industry initiate or improve their own software security programs and encourage the industry-wide adoption of fundamental secure development methods.

http://www.safecode.org/publications/SAFECode_Dev_Practices0211.pdf 1.9M

 
Overview of Software Integrity Controls

An Assurance-Based Approach to Minimizing Risks in the Software Supply Chain
The new report provides actionable recommendations for minimizing the risk of vulnerabilities being inserted into a software product during its sourcing, development and distribution.

http://www.safecode.org/publications/SAFECode_Software_Integrity_Controls0610.pdf 2.3M

 
Framework for Software Supply Chain Integrity

First industry-driven framework for analyzing and describing the efforts of software suppliers to mitigate the potential that software could be intentionally compromised during its sourcing, development or distribution.

http://www.safecode.org/publications/SAFECode_Supply_Chain0709.pdf 1.4M

 
Security Engineering Training

A Framework for Corporate Training Programs on the Principles of Secure Software Development

http://www.safecode.org/publications/SAFECode_Training0409.pdf 1.9M

 
Fundamental Practices for Secure Software Development

Based on an analysis of the individual software assurance efforts of SAFECode members, the paper outlines a core set of secure development practices that can be applied across diverse development environments to improve software security.

http://www.safecode.org/publications/SAFECode_Dev_Practices1108.pdf 2.1M

 
Software Assurance: An Overview of Current Industry Best Practices

The report outlines the secure development methods and integrity controls currently used by SAFECode members to deliver high-assurance systems to government and commercial customers.

http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf 1.7M
http://www.safecode.org/publications/SAFECode_BestPractices0208_plain.pdf 807K (less graphics)