SAFECode, the Software Assurance Forum for Excellence in Code, introduced its first white paper, "Software Assurance: An Overview of Current Industry Best Practices."
The organization was founded by Microsoft, Symantec, EMC, SAP and Juniper to advance understanding and practices related to secure development and integrity controls. Our goal is to raise the security bar across the software industry to reduce vulnerabilities.
There is a small number of working groups within SAFECode, and I am very pleased to chair the Development Processes working group.
Over time, SAFECode will produce many resources to help raise the state of the art in software security.
SAFECode is a great example of "industry helping industry," because it is led by people who have "been there, done that" and have the battle scars to prove it. All members have had security vulnerabilities, learned from them, and changed their processes to help deliver more secure code for customers.
A big benefit of SAFECode is that it is not an academic or theoretical endeavor; everything produced by SAFECode will be practical and, most importantly, known to improve software security.
Blog entry: http://blogs.msdn.com/michael_howard/archive/2008/02/14/introducing-safecode.aspx