[Global_industry_committee] Another potential place for OWASP to review/comment on a document
mtesauro at gmail.com
Fri Jun 5 15:20:50 EDT 2009
Don't know if any of you are aware of SAFECode or their work but this
group is looking for comments on their take on the secure SDLC.
"Fundamental Practices for Secure Software Development: A Guide to the
Most Effective Secure Development Practices in Use Today."
May be worth the committee's time to review and comment as necessary.
Membership of this group includes some fairly big players:
"Its members include EMC Corporation, Juniper Networks, Inc., Microsoft
Corp., Nokia, SAP AG and Symantec Corp."
-- Matt Tesauro
OWASP Live CD Project Lead
http://AppSecLive.org - Community and Download Site
-------- Original Message --------
Subject: SAFECode Seeks Comments on Secure Development Practices
Date: Fri, 5 Jun 2009 13:10:05 -0500 (CDT)
From: SAFECode Alert<news at safecode.org>
Reply-To: SAFECode Alert<news at safecode.org>
To: mtesauro at gmail.com
In October 2008, SAFECode released "Fundamental Practices for Secure
Software Development: A Guide to the Most Effective Secure Development
Practices in Use Today." Based on an analysis of the individual software
assurance efforts of SAFECode members, the paper outlines a core set of
secure development practices that can be applied across diverse
development environments to improve software security.
The brief and highly actionable paper describes each identified security
practice across the software development lifecycle - Requirements,
Design, Programming, Testing, Code Handling and Documentation - and
offers implementation advice based on the real-world experiences of
Due to the overwhelmingly positive response to the paper's publication,
as well as the rapidly evolving information security environment,
SAFECode will be releasing an updated version of the paper in late 2009.
In our continued effort to make the paper's recommendations as useful
and relevant as possible, we would like to offer experts outside of our
membership an opportunity to provide input into the paper's next
version. To submit your comments, please visit
We will be accepting comments until July 31, 2009.
The Software Assurance Forum for Excellence in Code (SAFECode) is a
non-profit organization exclusively dedicated to increasing trust in
information and communications technology products and services through
the advancement of effective software assurance methods. SAFECode is a
global, industry-led effort to identify and promote best practices for
developing and delivering more secure and reliable software, hardware
and services. Its members include EMC Corporation, Juniper Networks,
Inc., Microsoft Corp., Nokia, SAP AG and Symantec Corp. For more
information, please visit www.safecode.org.