Last week, SAFECode released a large update to the “Fundamental Practices for Secure Software Development” paper. The paper helps software development teams create more secure software.
Not only did SAFECode members overhaul the paper’s technical content, but the group also added Common Weakness Enumeration (CWE) references and details about verification tools and techniques that can be used to determine whether a development team is adhering to the practices.
In my opinion, the paper is unique and important in that it describes what SAFECode members are doing in practice to raise the security bar; it’s deeply pragmatic and not a theoretical or academic document.
SAFECode is also actively seeking public comment on the paper, especially in the verification sections. If you know of specific tools or techniques to help determine if a software development team is adhering to the practices, please let us know.