All, I wanted to let you know that the Software Assurance Forum for Excellence in Code (SAFECode) will be accepting comments on its paper, "Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today," through the end of July.
As background, SAFECode originally released this paper in October 2008. It outlines a core set of secure development practices that can be applied across diverse development environments to improve software security and is based on an analysis of the individual software assurance efforts of SAFECode members. The brief paper describes each identified security practice across the software development lifecycle Requirements, Design, Programming, Testing, Code Handling and Documentation and offers implementation advice based on the experiences of SAFECode members. SAFECode will be releasing an updated version of the paper in late 2009, and in an effort to make the paper¹s recommendations as useful and relevant as possible, we are offering experts outside of our membership an opportunity to provide input into the paper¹s next version. If you would like to review the paper and/or submit comments, please visit: http://www.safecode.org/feedback.php We will be accepting comments until July 31, 2009. Thanks, Stacy Simpson SAFECode st...@safecode.org +1 703-812-9199 _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________