RSA 2007: Software firms to share security best practice

SAFECode is first industry-led shared security effort

Software firms including Microsoft, EMC, SAP, Juniper and Symantec are establishing a forum to share best practice in product and services development with governments and academics, in an effort to boost the security of the wider IT infrastructure.

Announcing the move at the RSA Security conference in London, they said the talking shop would be called the Software Assurance Forum for Excellence in Code (SAFECode). It will exchange data on security threats and try to formulate new ways to build secure code.

The founders, who will each make an annual £25,000 investment in the initiative, claim SAFECode is the first global, industry-led push to identify and share best practices for software, hardware and services development.

SAFECode will be headed by security expert Paul Kurtz, currently a partner at Good Harbour Consulting, who has also served in senior positions on the White House’s National Security and Homeland Security Councils and was a founding executive director at the Cyber Security Industry Alliance.

“It’s not a standards body or a lobbying organisation. By promoting the individual best practices of firms we get the greatest chance to improve overall best practices,” said Kurtz. While individual vendors have developed effective methods for developing and delivering more secure and reliable software, most have worked in isolation.

The technology heavyweights are calling on other vendors to join the non-profit organisation, as well as governments and critical infrastructure providers.

The organisation will form three groups, with one technical in nature, one that will deal with issues of public policy, and one that will work alongside advisory groups for government, academia and critical infrastructure providers.

On the question of whether the open source community would be able to join, Kurtz said: “Anyone is welcome to work with us. There are security concerns in the open source world too.”
