Preaching Safety to Software Providers
Vendor education the focus of new SAFECode organization
November 2, 2007 —
IT industry leaders have joined together to create the Software Assurance Forum for Excellence in Code (SAFECode), an organization dedicated to helping software vendors create and deliver secure products.
The founding members are EMC, Juniper Networks, Microsoft, SAP and Symantec. The organization was announced on Oct. 23 in London.
SAFECode’s Web site is intended to be an online resource, helping to identify and share best practices for assuring that software functions as intended without introducing defects or vulnerabilities, promoting broader adoption of such practices into the cyber ecosystem, and working with governments and other infrastructure providers to influence vendor practices and manage enterprise risks.
“There are lot of associations and thinking going on around security as it relates to the end user, but we are taking a vendor approach, and we are talking about what we should do in our own product,” said Eric Baize, senior director of product security for EMC. He added, “We are one degree removed from the practitioner, and we found that it is very difficult to find information that could be applicable to end-based practices and a product organization. That’s really the gap we want to fill.”
SAFECode officials said that they believe some vendors lack an understanding of best practices that enable customers to securely use their products. Other vendors are wary of sharing best practices, Baize claimed, leading to this information gap.
SAFECode was created after the founding members agreed that the industry lacked a vehicle for communicating best practices. “The main driver was the realization by a few vendors that the practices we were doing around our own products was not very well-known by our customers and by the market in general,” Baize said. “It was very clear that as each of us was engaging with our customers, we saw a lot of interest from our customers in trying to learn what we are doing and how the customer could apply it into their own development processes.”
SAFECode will continue to develop its road map, but right now, training and education are at the top of the list. The members have also been discussing a “security development life cycle,” which involves thinking about security throughout the process of software creation, and taking security into account during coding, testing and deployment.
“Software assurance is a critical element of IT ecosystem security,” said Paul Kurtz, executive director of SAFECode. “By building on the positive work already done in this area by individual firms and encouraging broader adoption of proven best practices, SAFECode has a unique opportunity to significantly impact the overall security of the cyber infrastructure.”
Share this link: http://sdt.bz/31291
Most Read Latest News Blog Resources
Zeichick’s Take: Radio moves from analog waveforms to digital packets
Streaming radio highlights the need for streaming applications to be designed to take up as little bandwidth as possible
|
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Appcelerator Acquires Cocoafish to Add Instant Mobile Cloud Capabilities to its Industry Leading Titanium Platform
Appcelerator Offers Messaging, Social, Location and Storage Mobile Cloud Services to All Mobile App Publishers
|
|
ComponentOne Releases a Collection of 40+ UI Widgets Powered by HTML5 and jQuery
ComponentOne has announced the 2012 release of Wijmo: a kit of UI widgets for HTML5 and jQuery development
|
Taking enterprise architecture to the business side
Startup Corso is bringing out a cloud-based planning platform that ties into business plans
|
|
Top five apps to manage your workload
Web applications offer new ways to track your “to-do” lists
|
|
Not so fast when it comes to testing in the cloud
Developers face outsourcing, virtual lab management and mobile devices as obstacles
|
|
Xceed releases UX-focused suite for Microsoft’s WPF
"Blendables" helps match user experiences to developer visions
|
Are you at risk for burnout?
Burnout is a severe problem and it can strike at any time. Here's how to tell if you are nearing the edge.
|
|
Agility, mom, and apple pie
If we're to evaluate the state-of-the-art in software development, we should start with the values espoused in the Agile Manifesto.
|
|
RIM woos developers with free tablet
How do you get more apps ported to the BlackBerry PlayBook? By giving every developer a free tablet, of course!
|
|
GitHire: Use Headhunters to Find Your Perfect Programmer
Are you a hiring manager tired of scouring the job boards? Check out this new service that will find 5 people interested in your jobs.
|
The Hidden Costs of Software Licensing
Moving beyond paper-based software licensing to more flexible, software-based licensing is a business decision. There is a growing trend tow...
|
|
Case Study: You May Need a Development Mechanic
As a contractor for a major financial player in Germany, SOBEGE, a German-based consultancy specializing in embedded IT and web services, wa...
|
|
Ensuring Software Quality at a Major International Bank
One of the world’s leading international banks has adopted AgitarOne technology for delivering generated unit tests for their Java software...
|
|
Load Testing Adobe Flex Applications
Adobe Flex applications may be different from applications you’ve worked with before. For classic HTML web applications, the server does all...
|