Secure software development practices 'not rocket science'

Colleen Frye

What happens when a bunch of software industry leaders put their heads together to address the ever-thorny issue of software security? They find they share a lot of common practices that can be applied across diverse environments.

"That's the coolest part of the story," said Michael Howard, a principal security program manager in Microsoft's Trustworthy Computing Group and a contributor to the recent document "Fundamental Practices for Secure Software Development." This guide to secure development practices was released by the nonprofit Software Assurance Forum for Excellence in Code (SAFECode), which was founded last year and includes EMC, Juniper Networks, Microsoft, Nokia, SAP, and Symantec as members.

There are two striking aspects to SAFECode's guide, Howard said. "For the first time ever you see the industry agree on something from a security perspective and document it." And, he added, "This isn't a list of best practices. This is a list of things actually being done and shown to be demonstrably secure."

The guide details security practices for each stage of the software development lifecycle, which Howard said can be applied to any type of software development.

"That's one of the beauties of this document," he said. "The common ground between all the companies makes it applicable to any software out there — database applications or Web applications or embedded systems. And the way we laid it out, I think it will be relatively straightforward for developers, which is why we included links in the document."

SAFECode's recommended practices across the lifecycle are as follows:
