[Global_industry_committee] Another potential place for OWASP to review/comment on a document

Matt Tesauro mtesauro at gmail.com
Fri Jun 5 15:20:50 EDT 2009


Don't know if any of you are aware of SAFECode or their work but this 
group is looking for comments on their take on the secure SDLC.
"Fundamental Practices for Secure Software Development: A Guide to the 
Most Effective Secure Development Practices in Use Today."

May be worth the committee's time to review and comment as necessary.

Membership of this group includes some fairly big players:
"Its members include EMC Corporation, Juniper Networks, Inc., Microsoft 
Corp., Nokia, SAP AG and Symantec Corp."

-- 
-- Matt Tesauro
OWASP Live CD Project Lead
http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
http://AppSecLive.org - Community and Download Site

-------- Original Message --------
Subject: SAFECode Seeks Comments on Secure Development Practices
Date: Fri,  5 Jun 2009 13:10:05 -0500 (CDT)
From: SAFECode Alert<news at safecode.org>
Reply-To: SAFECode Alert<news at safecode.org>
To: mtesauro at gmail.com



In October 2008, SAFECode released "Fundamental Practices for Secure 
Software Development: A Guide to the Most Effective Secure Development 
Practices in Use Today." Based on an analysis of the individual software 
assurance efforts of SAFECode members, the paper outlines a core set of 
secure development practices that can be applied across diverse 
development environments to improve software security.

The brief and highly actionable paper describes each identified security 
practice across the software development lifecycle - Requirements, 
Design, Programming, Testing, Code Handling and Documentation - and 
offers implementation advice based on the real-world experiences of 
SAFECode members.

Due to the overwhelmingly positive response to the paper's publication, 
as well as the rapidly evolving information security environment, 
SAFECode will be releasing an updated version of the paper in late 2009.

In our continued effort to make the paper's recommendations as useful 
and relevant as possible, we would like to offer experts outside of our 
membership an opportunity to provide input into the paper's next 
version. To submit your comments, please visit 
http://www.safecode.org/feedback.php.

We will be accepting comments until July 31, 2009.

About SAFECode
The Software Assurance Forum for Excellence in Code (SAFECode) is a 
non-profit organization exclusively dedicated to increasing trust in 
information and communications technology products and services through 
the advancement of effective software assurance methods. SAFECode is a 
global, industry-led effort to identify and promote best practices for 
developing and delivering more secure and reliable software, hardware 
and services.  Its members include EMC Corporation, Juniper Networks, 
Inc., Microsoft Corp., Nokia, SAP AG and Symantec Corp. For more 
information, please visit www.safecode.org.




SAFECode * 2101 Wilson Boulevard, Suite 1000 * Arlington, VA 22201 * (p) +1 703.812.9199 * (f) +1 703.812.9350 * stacy at safecode.org



