SAFECode Goes to Washington
Posted by David Lenoe, Director of Adobe Secure Software Engineering and SAFECode Board Member
On a recent trip to Washington, DC, I had the opportunity to participate in a series of meetings with policymakers on Capitol Hill and in the Administration to discuss SAFECode’s (Software Assurance Forum for Excellence in Code) role in and commitment to improving software security. If you’re not familiar with SAFECode, I encourage you to visit the SAFECode website to learn more about the organization. At a high level, SAFECode advances effective software assurance methods, and identifies and promotes best practices for developing and delivering more secure and reliable software, hardware, and services in an industry-led effort.
The visit to DC was set up to promote some of the work being done across our industry to analyze, apply, and promote the best mix of software assurance technology, process, and training. Along with some of my colleagues from EMC and CA Technologies, we spent the beginning of the trip at the Software and Supply Chain Assurance Working Group, where we presented on the topic of software assurance assessment. The premise of our presentation was that there is no one-size-fits-all approach to software assurance, and that a focus on the supplier’s software assurance process is the right way to assess the maturity of an organization when it comes to software security.
One of the other important aspects we discussed with policymakers was SAFECode’s role in promoting the need for security education and training for developers. We are considering ways to support the expansion of software security education in university programs and plan to add new offerings to the SAFECode Security Engineering training curriculum, a free program aimed at helping those looking to create an in-house training program for their product development teams as well as individuals interested in enhancing their skills.
Overall, this was a very productive trip, and we look forward to working with policymakers as they tackle some of the toughest software security issues we are facing today.