SAFECode Driving Security and Integrity
 

PAPERS

Interpreting the BSIMM

A SAFECode Perspective on Leveraging Descriptive Software Security Initiatives
This brief paper provides SAFECode’s perspectives on the BSIMM and addresses the questions that we often get about how our guidance relates to the data released through the BSIMM effort.

http://www.safecode.org/publications/SAFECode_Interpret_BSIMM1111.pdf 788K

 
Fundamental Practices for Secure Software Development 2nd Edition

The report provides a foundational set of secure development practices based on an analysis of the real-world actions of SAFECode members. It is intended to help others in the industry initiate or improve their own software security programs and to encourage the industry-wide adoption of fundamental secure development methods.

http://www.safecode.org/publications/SAFECode_Dev_Practices0211.pdf 1.9M

 
Overview of Software Integrity Controls

An Assurance-Based Approach to Minimizing Risks in the Software Supply Chain. The new report provides actionable recommendations for minimizing the risk of vulnerabilities being inserted into a software product during its sourcing, development and distribution.

http://www.safecode.org/publications/SAFECode_Software_Integrity_Controls0610.pdf 2.3M

 
Framework for Software Supply Chain Integrity

The first industry-driven framework for analyzing and describing the efforts of software suppliers to mitigate the risk that software could be intentionally compromised during its sourcing, development or distribution.

http://www.safecode.org/publications/SAFECode_Supply_Chain0709.pdf 1.4M

 
Security Engineering Training

A Framework for Corporate Training Programs on the Principles of Secure Software Development

http://www.safecode.org/publications/SAFECode_Training0409.pdf 1.9M

 
Fundamental Practices for Secure Software Development

Based on an analysis of the individual software assurance efforts of SAFECode members, the paper outlines a core set of secure development practices that can be applied across diverse development environments to improve software security.

http://www.safecode.org/publications/SAFECode_Dev_Practices1108.pdf 2.1M

 
Software Assurance: An Overview of Current Industry Best Practices

The report outlines the secure development methods and integrity controls currently used by SAFECode members to deliver high-assurance systems to government and commercial customers.

http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf 1.7M
http://www.safecode.org/publications/SAFECode_BestPractices0208_plain.pdf 807K (less graphics)