This paper provides a framework for examining the secure development process of commercial technology providers. It is designed to help readers select the most appropriate assessment method for their needs, and provides guidance to help them develop a process-based assessment for use in cases when an appropriate international standard does not apply.
SAFECode and the Cloud Security Alliance (CSA) Release Guidance for the Secure Development of Cloud Applications
SAFECode and CSA partnered to determine whether additional software security guidance was needed to address unique threats to cloud computing, and if so, to identify specific security practices in the context of identified threats. This report represents the product of that collaboration and is intended to help readers better understand and implement best practices for secure cloud software development.
SAFECode Releases Software Security Guidance for Agile Practitioners
This paper provides practical software security guidance to Agile practitioners in the form of security-focused stories and security tasks they can easily integrate into their Agile-based development environments. SAFECode has also made available quick reference guides from the paper for download.
A SAFECode Perspective on Leveraging Descriptive Software Security Initiatives
This brief paper provides SAFECode’s perspectives on the BSIMM and addresses the questions that we often get about how our guidance relates to the data released through the BSIMM effort.
Report Provides Foundational Set of Secure Development Practices Based on an Analysis of the Real-World Actions of SAFECode Members
The report is intended to help others in the industry initiate or improve their own software security programs and encourage the industry-wide adoption of fundamental secure development methods.
An Assurance-Based Approach to Minimizing Risks in the Software Supply Chain
The new report provides actionable recommendations for minimizing the risk of vulnerabilities being inserted into a software product during its sourcing, development and distribution.
First industry-driven framework for analyzing and describing the efforts of software suppliers to mitigate the potential that software could be intentionally compromised during its sourcing, development or distribution.
A Framework for Corporate Training Programs on the Principles of Secure Software Development
Based on an analysis of the individual software assurance efforts of SAFECode members, the paper outlines a core set of secure development practices that can be applied across diverse development environments to improve software security.
The report outlines the secure development methods and integrity controls currently used by SAFECode members to deliver high-assurance systems to government and commercial customers.