SAFECode and Security Best Practices
Hi people,
Do you remember the last time you developed an application with absolutely no worries about security? When you could trust the user input? When you were not worried about SQL injection attacks? String attacks? Dropdown list modifications? You are right, (if you ever did this) it must probably have been a long, long time ago.
Security nowadays IS PART of the regular software development application. It is no longer something to worry about only when the application is deployed or attacked. Security is a development-phase concern. Security skills are part of the normal software developer skills, and if you are a developer and they are not yours, start learning about security right now.
The thing is: how and where to learn about security? What are the best practices for security in software development? What if I am a Java programmer, do Microsoft recommendations apply to me? I use SAP, why should I worry about security?
My friends, I present to you (or at least to those who haven't heard of it yet) SAFECode. SAFECode, or Software Assurance Forum for Excellence in Code, is a consortium formed by many big names in the world, including those I told you before. People like Symantec, SAP, EMC and of course Microsoft are part of it. Together those companies created internal teams, and they interact with each other using SAFECode as an organisational interface, and they as a whole share and develop best practices to be recommended to write safer and better products.
Last week SAFECode released their first whitepaper with the best practices for better and more secure software. That's a very interesting document. Why? Because if you take your time to read it, you will notice how similar the methodologies of those companies are.
Hopefully this initiative will grow better and stronger. Maybe one day we will not talk about Microsoft Recommended Best Practices, but we will start referring to a Universal Recommended Best Practice? Only time will tell (and the market forces, of course).
If you are interested, take a look at the document here and let us know your ideas, OK?
See you later.