SAFECode Teams with CSA to Provide DevSecOps Guidance
By Steve Lipner, Executive Director, SAFECode
Today, we joined the Cloud Security Alliance (CSA) in releasing a new framework for thinking about DevSecOps in a cloud environment. The paper, “The Six...
Lessons learned through 15 years of SDL at work
By Steve Lipner, Contributor, CSO
In short? Security Development Lifecycle is all about the developers… Do a quick search on secure development and you’ll find pages and pages of advice and best...
Software Security Takes a Champion
At SAFECode, we are always looking for common themes among our members that lead to successful software security outcomes. We’ve consistently found that while there may not be one single recipe for a...
Privacy and the SDL: The Developer’s Role in Personal Data Privacy
By Anthony Dulay, Boeing with Souheil Moghnie, NortonLifeLock and Loren Brent Cobb, Boeing
In the digital age, data is everywhere. More people than ever before are using internet-connected,...
New Report Offers Practical Guidance on Developing a Security-Supportive...
By Stacy Simpson, SAFECode
At SAFECode, we often talk about the need to look beyond the technical requirements of implementing a secure software development lifecycle and think more expansively about...
The Six Pillars of DevSecOps: Collective Responsibility
SAFECode-CSA DevSecOps Working Group identified and defined six focus areas critical to integrating DevSecOps into an organization, in accordance with the six pillars described in CSA’s Reflexive...
Fundamental Practices for Secure Software Development, Third Edition
Software assurance encompasses the development and implementation of methods and processes for ensuring that software functions as intended and is free of design defects and implementation flaws. The...
Start the Countdown Now: Your Cryptography’s Time is Running Out
By Janet Jones, Microsoft with Judith Furlong, Dell Technologies; Brian Rosenberg, Raytheon Technologies; Souheil Moghnie, NortonLifeLock; Mathew Lyon, Dell Technologies; Steve Lipner, SAFECode
It may...
Untangling Supply Chain Security
A Brief Overview of Software Security Resources Supporting the Supply Chain Security Discussion
By Steve Lipner
Software assurance was traditionally the kind of boring security discipline relegated to...
Preparing for PQC: Roadmap & Initial Guidance
By Janet Jones, Microsoft with Judith Furlong, Dell Technologies; Brian Rosenberg, Raytheon Technologies; Souheil Moghnie, NortonLifeLock; Mathew Lyon, Dell Technologies; Steve Lipner, SAFECode
In...