SAFECode seeks comment on guide to secure development practices

The Software Assurance Forum for Excellence in Code (SAFECode), a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods, today issued a call for comments on its “Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today.”

Originally released in October 2008, the paper outlines a core set of secure development practices that can be applied across diverse development environments to improve software security. Due to the positive response to the paper’s publication, as well as the rapidly evolving information security environment, SAFECode will be releasing an updated version in late 2009.

SAFECode is offering experts outside of its membership an opportunity to provide input into the paper’s next version in its continued effort to make the recommendations as useful and relevant as possible.

The brief and highly actionable paper describes each identified security practice across the software development lifecycle – Requirements, Design, Programming, Testing, Code Handling and Documentation – and offers implementation advice based on the experiences of SAFECode members.

To submit your comments go here. SAFECode will be accepting comments until July 31, 2009.