We’ve posted before on the work of SAFECode, a non-profit organization of software vendors who seek to share their approaches to improving the security and assurance of software. In a pair of recent posts on the SAFECode blog, Eric Baize of EMC and I discuss effective ways for software acquirers to tell whether their suppliers are actually using effective measures to improve their products’ security. I thought that followers of this blog would be interested in these two posts.
- Software Vulnerabilities: Never Say “never” (Eric Baize)
- Software Assurance: How can you tell? (Steve Lipner)