Processes and Practices Working Group

Activities

Incorporating Security in the Software Life Cycle

Enhancing the Development Life Cycle to Produce Secure Software Version 2 was released October 3, 2008. A free download can be accessed via the Data and Analysis Center for Software (DACS). This document was collaboratively developed by Software Assurance stakeholders in government, industry and academia. It is intended solely as a source of information and is not a proposed standard, directive, or policy from any federal government organization. This document will continue to evolve with usage and changes in practice; therefore, comments on its utility and recommendations for improvement will always be welcome.

Fundamental Practices for Secure Software Development: A Guide to the Most Effective Secure Development Practices in Use Today was released October 8, 2008 by the Software Assurance Forum for Excellence in Code (SAFECode). Based on an analysis of the individual software assurance efforts of SAFECode members, the paper outlines a core set of secure development practices that can be applied across diverse development environments to improve software security. A free PDF download of the paper is available.