RSA 2007: Government gives muted welcome to secure code initiative


RSA 2007: Government gives muted welcome to secure code initiative

Ian Grant

European Commission and UK government experts gave a muted, cautious welcome to the Safecode Forum, a software industry initiative to improve the quality of program code.

Safecode is the software industry's attempt to avoid the threat of legislation that would make it liable for poor-quality code. So far, five firms have contributed £25,000 each to Safecode, which is headed by former White House security advisor Paul Kurz.

Andrea Servida, the deputy head of the European Commission's Information, Society and Media directorate, said that perhaps the software sector was "still a little immature" and had not had the time to develop processes and standards for developing robust code.

Harvey Mattinson, head of policy, standards and compliance at the Cabinet Office's Central Sponsor for Information Assurance (CSIA), noted that the £125,000 in sponsorship collected so far "was not there a year ago". The CSIA is the driving force behind the government's National Information Assurance strategy (NIAS).

Paul Mallinson, senior security analyst for Microsoft's Trusted Computing initiative, said the amount of money firms were putting into SafeCode was not the issue. Rather it was the quality of the people who were representing their firms at Safecode gatherings. For Microsoft this would be Michael Howard, securities issues blogger and co-author with Steve Lipner, manager of Microsoft's security response center of The Security Development Lifecycle.

Eric Baize, senior director of product security at EMC, said he would represent his firm at Safecode meetings, aided by a team of technical experts.

EMC, Juniper Networks, Microsoft, SAP and Symantec have set up the forum to develop and share best practice for writing software to improve the quality of code and ultimately users' trust in IT and communications products.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy