The Software Assurance Forum for Excellence in Code (SAFECode) released "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today." Based on an analysis of the individual software assurance efforts of SAFECode members, the paper outlines a core set of secure development practices that can be applied across diverse development environments to improve software security. The secure development practices defined in the paper include guidelines for web-based, shrink-wrapped and database applications, as well as operating systems and embedded systems.
SAFECode is a non-profit organization dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods, today. Symantec is a founding member of SAFECode and our participation is one of several efforts we undertake to encourage the adoption of safe coding practices. A full copy of the paper is available for download at http://www.safecode.org/publications/SAFECode_Dev_Practices1008.pdf.
Oct. 08, 2008