LOGIN | REGISTER NOW | SUBSCRIBE
 
 
News on Monday
more>>
SharePoint Tech Report
more>>


   

 
 
Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?


 
blogs tab
Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST

 

Events calendar tab
EclipseCon
3/22/2010 to 3/25/2010
Santa Clara, Calif.
The Eclipse Foundation

DevConnections
4/12/2010 to 4/14/2010
Las Vegas
Penton Media

MySQL Conf. and Expo
4/12/2010 to 4/15/2010
Santa Clara, Calif.
O'Reilly Media

High Performance Computing Linux Financial Markets
4/19/2010
New York City
Flagg Management

Informix User Conf.
4/25/2010 to 4/28/2010
Overland Park, Kans.
IIUG


 
print Printable version 
Most Read Latest News Blog Resources
Mono brings .NET to Android
At Microsoft MIX, Mono will unveil the ability to port .NET applications to the Android op...

IBM brings Rational tools into the cloud
Fifteen Rational products for managing, developing and testing on clouds are now available...

Going 'all in' on .NET as default runtime
Programmers for Windows Phone 7 will need to use Silverlight and XNA for development

Digg!  Digg
Reddit  Reddit
Slashdot  Slashdot
Share on facebook  Facebook
Share on Twitter  Twitter

Preaching Safety to Software Providers


Vendor education the focus of new SAFECode organization

By Jeff Feinman
November 2, 2007 — 
IT industry leaders have joined together to create the Software Assurance Forum for Excellence in Code (SAFECode), an organization dedicated to helping software vendors create and deliver secure products.

The founding members are EMC, Juniper Networks, Microsoft, SAP and Symantec. The organization was announced on Oct. 23 in London.

SAFECode’s Web site is intended to be an online resource, helping to identify and share best practices for assuring that software functions as intended without introducing defects or vulnerabilities, promoting broader adoption of such practices into the cyber ecosystem, and working with governments and other infrastructure providers to influence vendor practices and manage enterprise risks.

“There are lot of associations and thinking going on around security as it relates to the end user, but we are taking a vendor approach, and we are talking about what we should do in our own product,” said Eric Baize, senior director of product security for EMC. He added, “We are one degree removed from the practitioner, and we found that it is very difficult to find information that could be applicable to end-based practices and a product organization. That’s really the gap we want to fill.”

SAFECode officials said that they believe some vendors lack an understanding of best practices that enable customers to securely use their products. Other vendors are wary of sharing best practices, Baize claimed, leading to this information gap.

SAFECode was created after the founding members agreed that the industry lacked a vehicle for communicating best practices. “The main driver was the realization by a few vendors that the practices we were doing around our own products was not very well-known by our customers and by the market in general,” Baize said. “It was very clear that as each of us was engaging with our customers, we saw a lot of interest from our customers in trying to learn what we are doing and how the customer could apply it into their own development processes.”

SAFECode will continue to develop its road map, but right now, training and education are at the top of the list. The members have also been discussing a “security development life cycle,” which involves thinking about security throughout the process of software creation, and taking security into account during coding, testing and deployment.

“Software assurance is a critical element of IT ecosystem security,” said Paul Kurtz, executive director of SAFECode. “By building on the positive work already done in this area by individual firms and encouraging broader adoption of proven best practices, SAFECode has a unique opportunity to significantly impact the overall security of the cyber infrastructure.”


Share this link: http://www.sdtimes.com/link/31291
 

Add comment


Name*
Email*  
Country     


  • Comment
  • Preview
Loading