This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Industry:SAFECode Secure Development Practices (update to Oct 2008 version)
Return to Global Industry Committee
ACTIVITY IDENTIFICATION | |||
---|---|---|---|
Activity Name | SAFECode Secure Development Practices (update to Oct 2008 version) | ||
Short Description | Provide response to to SAFECode "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today." | ||
Related Projects | None | ||
Email Contacts & Roles | Primary Colin Watson |
Secondary |
Mailing list Please use the Industry Committee list |
ACTIVITY SPECIFICS | |||
---|---|---|---|
Objectives |
| ||
Deadlines |
| ||
Status |
| ||
Resources | Invitation to comment, summary below.
Submit comments using SAFECode feedback form. |
Submission Response
Latest first
Final version
Draft Text version 2
Draft Text version 1
Comments and Suggestions
Add here please
Invitation
In October 2008, SAFECode released "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today." Based on an analysis of the individual software assurance efforts of SAFECode members, the paper outlines a core set of secure development practices that can be applied across diverse development environments to improve software security.
The brief and highly actionable paper describes each identified security practice across the software development lifecycle - Requirements, Design, Programming, Testing, Code Handling and Documentation - and offers implementation advice based on the real-world experiences of SAFECode members.
Due to the overwhelmingly positive response to the paper's publication, as well as the rapidly evolving information security environment, SAFECode will be releasing an updated version of the paper in late 2009.
In our continued effort to make the paper's recommendations as useful and relevant as possible, we would like to offer experts outside of our membership an opportunity to provide input into the paper's next version. To submit your comments, please visit http://www.safecode.org/feedback.php.
We will be accepting comments until July 31, 2009.
Return to Global Industry Committee