-
ZDI-CAN-25849: Lexmark
A CVSS score 7.0 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘nella17 (@nella17tw), working with DEVCORE Internship Program, and DEVCORE Research Team’ was reported to the affected vendor on: 2024-12-18, 17 days ago. The vendor is given until 2025-04-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate…
-
Preparing for Post-Quantum Cryptography: Key Takeaways from SAFECode’s Working Group
As we mentioned in a previous blog, SAFECode’s post-quantum cryptography (PQC) working group has reached a milestone. NIST has standardized its first wave of post-quantum encryption algorithms, and our working group has identified key activities that will enable our members to manage the transition to quantum-resistant cryptography and adapt to the emergence of new algorithms…
-
The PQC Algorithm FIPS are Published – Now What?
By Brian Rosenberg, RTX Corporation and Judith Furlong, Dell Technologies with Matthew Lyon, Dell Technologies; Steve Lipner, SAFECode Introduction We made it – this far! The U.S National Institute of Standards and Technology (NIST) recently published the Federal Information Processing Standards (FIPS) for three post-quantum cryptography (PQC) algorithms, marking the end of the beginning of…
-
Celebrating Dedication and Innovation: Highlights from SAFECode Day 2024
Over 50 SAFECode members and industry leaders came together for a dynamic SAFECode Day 2024! The event featured exciting project updates, lively discussions, and an inspiring keynote from Anne Neuberger, Deputy Assistant to the President, who emphasized the crucial role of cybersecurity in today’s digital landscape. It was great to hear our members share their…
-
Secure by Design? The U.S. Government and Requirements for Secure Development
The last two months have seen the release of three new U.S. Government documents related to software security: The National Cybersecurity Strategy released in early March covers the landscape of cybersecurity concerns and introduces the concept of shifting the liability for insecure software products and services from consumers to suppliers. In mid-April, The Cybersecurity and…
-
Threat Modeling at Scale
According to the Threat Modeling Manifesto, Threat Modeling is an activity “for analyzing representations of a system to highlight concerns about security and privacy and if applicable, safety characteristics”. Threat modeling is a crucial activity of the secure development lifecycle (SDL) for identifying and mitigating weaknesses and potential security vulnerabilities. Threat modeling is most effective…
-
New SAFECode Member Council to Ensure Greater Industry Collaboration on Software Security
Oracle’s John Heimann and Siemens Energy’s Manuel Ifland Elected to Lead the Member Council WAKEFIELD, Mass. – March 6, 2024 – SAFECode has announced a new Member Council to direct its industry-led efforts to advance software security practices. Chaired by John Heimann, Vice President of Security Program Management at Oracle, and Vice Chaired by Manuel…
-
Navigate the Executive Order 14028 Era of Software Security
May 12, 2021 was a pivotal moment in cybersecurity history. The White House published Executive Order 14028 (EO 14028), a landmark document with an aggressive stance designed to advance the cybersecurity conversation1. While the document focuses on US federal government agencies and the companies that supply them, it’s a useful reference for those around the…
-
Thoughts on Executive Order 14028: Attestation and Software Security
For the last few weeks, SAFECode has been discussing a number of government initiatives related to software security assurance. This is the first of several blogs that we will be publishing to share our perspective and recommendations for approaches that will help governments and other organizations gain confidence in the software that they acquire and…
-
Oracle Joins SAFECode; Raytheon Accepts Board Seat
Members Work Together to Improve and Promote Effective Software Security Practices WAKEFIELD, MA. – July 28, 2022 – The Software Assurance Forum for Excellence in Code (SAFECode) recently welcomed Oracle as an associate member and elevated Raytheon Technologies to a seat on the SAFECode Board of Directors as a charter member. Along with Oracle, other recent new…