Communications of the ACM
Microsoft, It Industry Push Software Security Standard
Even as SAFECode announced support of initiatives to make the development of secure software more attainable to small software producers, Microsoft said it is backing the ISO 27034 standard defining how to structure secure software development programs.
Credit: alexyndr-Fotolia
The Software Assurance Forum for Excellence in Code (SAFECode) is supporting two initiatives that aim to make the process of developing secure software more attainable to smaller software makers.
Meanwhile, Microsoft announced its support for ISO 27034, an international standard that defines how to structure secure software development programs.
Microsoft's Tim Rains says the moves highlight the need for developers to start designing security into their products from the beginning.
The ISO 27034 standard provides organizations with a foundation for setting security requirements for the purchase of software. "This is a standard focused on software development, and the first one of its kind to focus on processes and frameworks really needed to develop a comprehensive software security program around development," Smith says.
SAFECode has released six training modules that introduce programmers and project managers to secure development practices, and forthcoming modules will offer more advanced instruction. "Having some manager folks--who may not be developers but help manage the groups--understand that this is not something that you build on later, but a necessity that you build in from the outset, is important," says SAFECode director Howard Schmidt.
From eWeek
View Full Article
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA
No entries found