Software firms including Microsoft, EMC, SAP, Juniper and Symantec are establishing a forum to best practice in product and services development with governments and academics, in an effort to boost the security of the wider IT infrastructure.
Announcing the move at the RSA Security conference in London, they said the talking shop would be called the Software Assurance Forum for Excellence in Code (SAFECode). It will exchange data on security threats and try to formulate new ways to build secure code.
The founders, who will each make an annual £25,000 investment in the initiative, claim SAFECode is the first global, industry-led push to identify and share best practices for software, hardware and services development.
SAFECode will be headed by security expert Paul Kurtz, currently a partner at Good Harbour Consulting, who has also served in senior positions on the White House’s National Security and Homeland Security Councils and was a founding executive director at the Cyber Security Industry Alliance.
"It’s not a standards body or a lobbying organisation. By promoting the individual best practices of firms we get the greatest chance to improve overall best practices,” said Kurtz. While individual vendors have developed effective methods for developing and delivering more secure and reliable software, most have worked in isolation.
The technology heavyweights are calling on other vendors to join the non-profit organisation, as well as governments and critical infrastructure providers.
The organisation will form three groups, with one technical in nature, one that will deal with issues of public policy, and one that will work alongside advisory groups for government, academia and critical infrastructure providers.
On the question of whether the open source community would be able to join, Kurtz said: “Anyone is welcome to work with us. There are security concerns in the open source world too.”