-
Ultimate guide to CI/CD: Fundamentals to advanced implementation
Continuous integration/continuous delivery (CI/CD) has revolutionized how software teams create value for their users. Gone are the days of manual deployments and integration headaches — modern development demands automation, reliability, and speed. At its core, CI/CD is about creating a seamless pipeline that takes code from a developer’s environment all the way to production and…
-
Best Courses for Java Developers
Tired of the same predictable and monotonous Java tutorials? So was I. I used to think all Java courses were the same. Endless tutorials where someone talks about getters and setters in a monotonous, robotic voice while you put all of your effort into just trying to stay awake. After months of intensive research and…
-
Preparing for Post-Quantum Cryptography: Key Takeaways from SAFECode’s Working Group
As we mentioned in a previous blog, SAFECode’s post-quantum cryptography (PQC) working group has reached a milestone. NIST has standardized its first wave of post-quantum encryption algorithms, and our working group has identified key activities that will enable our members to manage the transition to quantum-resistant cryptography and adapt to the emergence of new algorithms…
-
Celebrating Dedication and Innovation: Highlights from SAFECode Day 2024
Over 50 SAFECode members and industry leaders came together for a dynamic SAFECode Day 2024! The event featured exciting project updates, lively discussions, and an inspiring keynote from Anne Neuberger, Deputy Assistant to the President, who emphasized the crucial role of cybersecurity in today’s digital landscape. It was great to hear our members share their…
-
The PQC Algorithm FIPS are Published – Now What?
By Brian Rosenberg, RTX Corporation and Judith Furlong, Dell Technologies with Matthew Lyon, Dell Technologies; Steve Lipner, SAFECode. Introduction: We made it – this far! The U.S. National Institute of Standards and Technology (NIST) recently published the Federal Information Processing Standards (FIPS) for three post-quantum cryptography (PQC) algorithms, marking the end of the beginning of…
-
Threat Modeling at Scale
According to the Threat Modeling Manifesto, Threat Modeling is an activity “for analyzing representations of a system to highlight concerns about security and privacy and if applicable, safety characteristics”. Threat modeling is a crucial activity of the secure development lifecycle (SDL) for identifying and mitigating weaknesses and potential security vulnerabilities. Threat modeling is most effective…
-
Secure by Design? The U.S. Government and Requirements for Secure Development
The last two months have seen the release of three new U.S. Government documents related to software security: The National Cybersecurity Strategy released in early March covers the landscape of cybersecurity concerns and introduces the concept of shifting the liability for insecure software products and services from consumers to suppliers. In mid-April, The Cybersecurity and…
-
Thoughts on Executive Order 14028: Attestation and Software Security
For the last few weeks, SAFECode has been discussing a number of government initiatives related to software security assurance. This is the first of several blogs that we will be publishing to share our perspective and recommendations for approaches that will help governments and other organizations gain confidence in the software that they acquire and…
-
Security Capabilities to Support Code Integrity
By Kelly FitzGerald, Raytheon Technologies; Altaz Valani, Security Compass; Elena Kravchenko, Imperva; Matthew Lyon, Dell Technologies; Ashwini Siddhi, Dell Technologies. Introduction: In our previous blog posts, we defined the code integrity problem statement and the basic principles of code integrity. As our series continues, we will define a framework of layered security capabilities to support…
-
Oracle Joins SAFECode; Raytheon Accepts Board Seat
Members Work Together to Improve and Promote Effective Software Security Practices. WAKEFIELD, MA. – July 28, 2022 – The Software Assurance Forum for Excellence in Code (SAFECode) recently welcomed Oracle as an associate member and elevated Raytheon Technologies to a seat on the SAFECode Board of Directors as a charter member. Along with Oracle, other recent new…