SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. We created this blog so that we could keep you posted on new developments in software assurance and our ongoing work in this area.
Please note that the opinions expressed in this blog are those of the writer or contributor and do not necessarily reflect the opinions of SAFECode or its member companies.
By Izar Tarandach & Brook S.E. Schoenfield. A couple of years ago I was engaging a new team into our Secure Development Life cycle (SDL) process. One of the initial activities is Threat Modeling, and in discussion with a product architect, I was asked, “We have a working design here, and now you want to come […]
By Tania Skinner, Product Security Strategist, Intel Corporation. The Managing Security Risks Inherent in the Use of Third-party Components White Paper is now available. Below is a brief preview of the document. I encourage you to download it and share it with your colleagues. The use of third-party components (TPCs), including open source software (OSS) […]
By Steve Lipner and Eric Baize. After every news cycle involving major technology players and zero-day vulnerabilities in the products or services they provide, suspicious comments questioning technology players’ commitment to software security assurance inevitably seem to resurface. The recent Wikileaks release of documents allegedly from the CIA describing zero-day exploits in major online services […]
The SAFECode board and members join the cybersecurity community in mourning the loss of Howard Schmidt as an industry pioneer, colleague, collaborator, and friend. Howard’s contributions to the cybersecurity community have been recognized in many ways, most recently by his receiving the 2017 Award for Excellence in the Field of Information Security. The SAFECode members […]
By Eric Baize, Chairman of the Board, SAFECode. SAFECode members crowded into Jillian’s directly across from the Moscone Center in San Francisco on February 15, 2017 for SAFECode’s Second Annual RSA Conference Breakfast. Seventeen SAFECode members were honored with recognition awards for their work at the event on four white papers that are currently […]
Recent security incidents exploiting weaknesses in Internet of Things (IoT) devices have demonstrated that software assurance is no longer just an issue for traditional information technology suppliers and end user organizations. Here’s why: Recent attacks have shown that connected devices can be exploited to launch large scale attacks. Connected Internet-of-Things (IoT) devices cannot hide their […]
All of us at SAFECode are looking forward to working with our new Executive Director Steve Lipner, appointed December 1, 2016. While all of the SAFECode board members have been privileged to work closely with Steve over many years, we thought you’d enjoy learning more about him. We took a moment to ask Steve a […]
Five SAFECode board members visited Washington DC earlier this month and met with representatives of the US Federal government interested in cybersecurity. With the growing awareness amongst policy makers of the importance of software security assurance and its critical role in cybersecurity, it is important to further educate policy makers on this complex issue and […]
(By Vishal Asthana) Most organizations either have their own central security teams or rely on external security consultants for building and rolling out AppSec programs. As a starting point, a couple of cooperative development teams are selected for a “pilot rollout”. Upon seeing successful implementation results from a subset of the pilot candidates (development teams), the security […]
On March 2nd, during the RSA Conference, SAFECode honored Steve Lipner, who stepped down as the Chairman of SAFECode in 2015 when he retired from Microsoft. First to honor Steve was Glenn Pittaway, a Senior Director at Microsoft in the area of assurance, and SAFECode Board Member. Glenn has worked closely with Steve at […]