Updated SAFECode Development Practices Paper

Last week, SAFECode released a large update to the “Fundamental Practices for Secure Software Development” paper. The paper helps software development teams create more secure software.

Not only did SAFECode members overhaul the paper’s technical content, the group also added Common Weakness Enumeration (CWE) references and details about verification tools and techniques to determine if a development team is adhering to the practices.

In my opinion, the paper is unique and important in that it describes what SAFECode members are doing in practice to raise the security bar; it’s deeply pragmatic and not a theoretical or academic document.

SAFECode is also actively seeking public comment on the paper, especially in the verification sections. If you know of specific tools or techniques to help determine if a software development team is adhering to the practices, please let us know.

About the Author
Michael Howard

Principal Security Program Manager

Michael Howard is a principal security program manager on the Trustworthy Computing (TwC) Security team at Microsoft, where he is responsible for managing secure design, programming, and testing techniques across the company. Michael is an architect of the Security Development
