The Software Assurance Forum for
Excellence in Code (SAFECode) has set up an international board
of advisors to help advance software assurance methods.
The announcement at the RSA Conference Europe in London comes a
year after major IT suppliers set up the non-profit
organisation.
SAFECode is dedicated to increasing trust in information and
communications technology products and services through the
advancement of secure software development practices and effective
assurance methods.
SAFECode's international board of advisors includes
representatives of government agencies, private-sector
organisations and academic institutions from around the world.
Paul Kurtz, executive director of SAFECode, said the board will
help guide the organisation's efforts to improve the security and
integrity of software.
"We share a common belief that software assurance plays a vital
role in strengthening the security of our information
infrastructure and we are thrilled to have the opportunity to
leverage the diverse expertise and insight of this board," he
said.
SAFECode members are EMC, Juniper Networks, Microsoft, Nokia,
SAP, and Symantec.
Kurtz said these organisations work under non-disclosure
agreements to share information on best practices for developing
secure code and would welcome new members, including experts from
the open source community.
"We would like to expand and are most interested in
organisations who develop software every day, which includes those
in the open source community and outside the US and Europe," he
said.
SafeCode has published a guide to the most effective secure
development practices in use today drawn for the collective
experience of its membership.
The organisation plans to concentrate on ways of developing a
secure supply chain, the value of industry certifications, and
further research and development around secure coding practice,
said Kurtz.
What is SAFECode?
The Software Assurance Forum for Excellence in Code (SAFECode)
is a non-profit organization exclusively dedicated to increasing
trust in information and communications technology products and
services through the advancement of effective software assurance
methods. SAFECode is a global, industry-led effort to identify and
promote best practices for developing and delivering more secure
and reliable software, hardware and services.Its members include
EMC Corporation, Juniper Networks, Inc., Microsoft Corp, Nokia, SAP
AG and Symantec Corp.
SAFECode board of advisors
- William C. Barker, Chief Cyber Security Advisor, National
Institute of Standards and Technology
- Matt Bishop, Professor, Department of Computer Science,
University of California, Davis
- Paul Dorey, Director, CSO Confidential & Chairman of the
Institute of Information Security Professionals
- Claudia Eckert, Professor, Fraunhofer Institute for Secure
Information Technology
- Zoltán Hornák, Budapest University of Technology and Economics,
SEARCH Security Evaluation Analysis and Research Laboratory
- Alan Paller, Director of Research, SANS Institute
- Joachim Posegga, Chair of IT-Security, Institute for IT
Security and Security Law (ISL), University of Passau
- Juha Röning, Professor, University of Oulu (Finland)
- Reijo Savola, Network and Information Security Research
Coordinator, VTT Technical Research Centre of Finland
- Dan S. Wallach, Associate Professor, Department of Computer
Science, Rice University (Houston, Texas)