IT industry creates secure coding advocacy group

A handful of major information technology companies announced in London today the formation of an industry organization to develop and share best practices for secure software development.

Many companies have internal programs to improve the quality of the code they are producing, but a lack of communication has limited their effectiveness, said former White House cybersecurity adviser Paul Kurtz, executive director at the Software Association Forum for Excellence in Code. SAFEcode will be a nonprofit technical organization that will develop best practices and draw parallels between practices at member companies. Founders also expect to help establish educational programs and curriculum for good coding, Kurtz said.

Founding members are Microsoft, Symantec, EMC, Juniper Networks and SAP.

The companies began discussing the organization about six months ago. The announcement was made at the RSA Europe security conference in London to emphasize the fact that it will be a global organization, Kurtz said.

Security professionals have complained for years that a major problem in IT security is the quality of the underlying software and have been calling for improvements in the code. Programs developed to stringent standards would produce a higher level of assurance than patching vulnerabilities after the fact can provide. Many companies have taken these complaints seriously and made efforts to improve the quality of their products, but because of the complexity of code, software patches remain a fact of cyberlife.

'This is a process that will be under way for a very long time,' Kurtz said. 'In fact, it will be continuous.'

Reaching the next level of progress will require cooperation among companies and with government and academia, and that is what SAFEcode is intended to enable, Kurtz said.

Kurtz, who left the Cyber Security Industry Alliance at the beginning of the year to join Good Harbor Consulting, said Good Harbor will provide back-room administrative resources for SAFEcode.

The Cyber Security Industry Alliance, another IT industry organization, was a lobbying organization focused on legislative and governmental policy. SAFEcode is strictly a technical organization, Kurtz said. 'We do not have the ability to lobby, nor do we want to lobby.'

About the Author

William Jackson is a Maryland-based freelance writer.

