Software Security at EMC: The Journey So Far

As the lead of the Product Security Assurance team at EMC, I am often asked to talk about our software security practices. While previously we have shared our practices with industry presentations, SAFECode papers, etc., I thought now is as good a time as ever to write a blog post to …

Reeny Sondhi June 25th, 2013

Software Security Training for All

Fifteen years ago, a common representation of the hacker was a computer science college student hacking systems from his or her dorm room. Nowadays hackers operate on a different scale; they are more often affiliated with criminal organizations or nation states than with colleges or universities. The only thing …

Eric Baize May 14th, 2013

SAFECode Welcomes Howard Schmidt

Today, SAFECode announced the appointment of Howard Schmidt as its new Executive Director. At a time when Cybersecurity has become a top priority for governments in the US and around the world, Howard’s experience and reputation will help SAFECode be more effective in promoting proven software assurance practices across the …

Eric Baize February 25th, 2013

Real Software Does Have Bugs (and Vulnerabilities Too)

I was recently interviewed by a business journalist at CNBC for a story on high-profile software glitches that impacted operations of a trading company and an airline. The interviewer was seeking insights into the relationship between these glitches and security. These interviews are always a refreshing opportunity to explain complex …

Eric Baize September 6th, 2012

SAFECode Releases Software Security Guidance for Agile Practitioners

In the Product Security Office, we often get questions from developers across the industry on how to apply EMC’s Security Development Lifecycle to an Agile development model. Software security practices have been traditionally considered as suitable for serial waterfall development methodologies and there has been a lot of debate in …

Reeny Sondhi July 26th, 2012

Happy Anniversary to Microsoft Trustworthy Computing Initiative

Ten years ago this month, Bill Gates issued a memo to all Microsoft employees announcing the Trustworthy Computing Initiative. Development was halted for several weeks to review code and to train Microsoft software engineers on security. This memo was later followed by the publication of Microsoft’s Security Development Lifecycle, as …

Eric Baize January 25th, 2012

Software Security Meets Critical Infrastructure

This week, SAFECode announced the addition of Siemens as its newest member. SAFECode, the Software Assurance Forum for Excellence in Code, was co-founded by EMC and other leading technology providers in 2007 to advance the adoption of effective software assurance methods. Siemens joins Adobe, EMC, Juniper Networks, Microsoft, Nokia, SAP …

Eric Baize November 8th, 2011

Secure Software Development Practices: Make Room on your Bookshelf

When I started EMC’s product security initiative more than eight years ago, useful information on the topic was scarce and my technical bookshelf was limited to “Writing Secure Code” by Microsoft’s Michael Howard and David LeBlanc, some work from Cigital’s Gary McGraw and an interview of Oracle’s MaryAnn Davidson. A …

Eric Baize February 10th, 2011

The Case for Supply Chain Integrity

A couple of recent incidents are shedding some light on the complexity of ensuring software code integrity throughout the supply chain. In the first incident, nothing more than a USB battery charger connected to a USB port can turn your PC into a zombie under the control of attackers (see …

Eric Baize March 15th, 2010

Defining Software Assurance

The term “software assurance” is often used interchangeably with the term “software security” to refer to the practices of avoiding and detecting unintentional vulnerabilities during the software development process. In a report published on July 29th, 2009 and entitled “The Software Supply Chain Integrity Framework – Defining Risks and Responsibilities …

Eric Baize July 29th, 2009

An Opportunity to Influence the Art of Secure Software Development

Until the end of July, all who have a passion for software assurance can turn their passion into an opportunity to influence the content of one of the foremost reference documents on the topic. The first version of the report “Fundamental Practices for Secure Software Development”, published by the Software …

Eric Baize July 8th, 2009