European Commission and UK government experts gave a muted, cautious welcome to the Safecode Forum, a software industry initiative to improve the quality of program code.
Safecode is the software industry's attempt to avoid the threat of legislation that would make it liable for poor-quality code. So far, five firms have contributed £25,000 each to Safecode, which is headed by former White House security advisor Paul Kurtz.
Andrea Servida, the deputy head of the European Commission's Information Society and Media directorate, said that perhaps the software sector was "still a little immature" and had not had the time to develop processes and standards for developing robust code.
Harvey Mattinson, head of policy, standards and compliance at the Cabinet Office's Central Sponsor for Information Assurance (CSIA), noted that the £125,000 in sponsorship collected so far "was not there a year ago". The CSIA is the driving force behind the government's National Information Assurance strategy (NIAS).
Paul Mallinson, senior security analyst for Microsoft's Trusted Computing initiative, said the amount of money firms were putting into Safecode was not the issue. Rather, it was the quality of the people who were representing their firms at Safecode gatherings. For Microsoft this would be Michael Howard, security issues blogger and co-author, with Steve Lipner, manager of Microsoft's security response center, of The Security Development Lifecycle.
Eric Baize, senior director of product security at EMC, said he would represent his firm at Safecode meetings, aided by a team of technical experts.
EMC, Juniper Networks, Microsoft, SAP and Symantec have set up the forum to develop and share best practice for writing software to improve the quality of code and ultimately users' trust in IT and communications products.