European Commission and UK government experts gave a
muted, cautious welcome to the Safecode Forum, a software industry
initiative to improve the quality of program code.
Safecode is the software industry's attempt to avoid the threat
of legislation that would make it liable for poor-quality code. So
far, five firms have contributed £25,000 each to Safecode, which is
headed by former White House security advisor Paul Kurtz.
Andrea Servida, the deputy head of the European Commission's
Information Society and Media directorate, said that perhaps the
software sector was "still a little immature" and had not had the
time to develop processes and standards for developing robust
code.
Harvey Mattinson, head of policy, standards and compliance at
the Cabinet Office's Central Sponsor for Information Assurance
(CSIA), noted that the £125,000 in sponsorship collected so far
"was not there a year ago". The CSIA is the driving force behind
the government's National Information Assurance strategy (NIAS).
Paul Mallinson, senior security analyst for Microsoft's Trusted
Computing initiative, said the amount of money firms were putting
into Safecode was not the issue. Rather, it was the quality of the
people who were representing their firms at Safecode gatherings.
For Microsoft this would be Michael Howard, security issues
blogger and co-author, with Steve Lipner, manager of Microsoft's
security response center, of The Security Development Lifecycle.
Eric Baize, senior director of product security at EMC, said he
would represent his firm at Safecode meetings, aided by a team of
technical experts.
EMC, Juniper Networks, Microsoft, SAP and Symantec have set up the forum to develop
and share best practice for writing software to improve the quality
of code and ultimately users' trust in IT and communications
products.