
Industry:SAFECode Secure Development Practices (update to Oct 2008 version)

Revision as of 16:57, 3 July 2009 by Clerkendweller (talk | contribs) (New page)


Return to Global Industry Committee

Activity Name: SAFECode Secure Development Practices (update to Oct 2008 version)
Short Description: Provide response to SAFECode "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today."
Related Projects: None
Email Contacts & Roles:
  Primary: Colin Watson
  Mailing list: Please use the Industry Committee list
  • Review current document
  • Where appropriate, draft a response for submission
  • Submit the response as an official OWASP statement
  • 3 July 2009 - Circulate to OWASP lists for comment
  • 12 July 2009 - Produce initial (1st) draft response
  • 17 July 2009 - Produce interim (2nd) draft response
  • 23 July 2009 - Deadline for comments from OWASP lists
  • 23 July 2009 - Complete final draft response
  • 23 July 2009 - Submit for approval by Global Industry Committee
  • 30 July 2009 - Submit to SAFECode
  • In Progress
Resources: Invitation to comment, summary below.
  • Are there any best practices you feel should be added to the paper? Please explain.
  • Would you make any changes to the practices listed in any of the [Requirements, Design, Programming, Testing, Code Integrity and Handling, Documentation] sections? Please explain.
  • Is there anything else not covered above you would like SAFECode to consider in its second version of the paper?

Current (Oct 2008) document

Submit comments using SAFECode feedback form.

Submission Response

Latest first

Final version

Draft Text version 2

Draft Text version 1

Comments and Suggestions

Add here please


In October 2008, SAFECode released "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today." Based on an analysis of the individual software assurance efforts of SAFECode members, the paper outlines a core set of secure development practices that can be applied across diverse development environments to improve software security.

The brief and highly actionable paper describes each identified security practice across the software development lifecycle - Requirements, Design, Programming, Testing, Code Handling and Documentation - and offers implementation advice based on the real-world experiences of SAFECode members.

Due to the overwhelmingly positive response to the paper's publication, as well as the rapidly evolving information security environment, SAFECode will be releasing an updated version of the paper in late 2009.

In our continued effort to make the paper's recommendations as useful and relevant as possible, we would like to offer experts outside of our membership an opportunity to provide input into the paper's next version. To submit your comments, please visit

We will be accepting comments until July 31, 2009.
