SAFECode Shares Experiences with Security Engineering Training
New Paper Offers a Framework for Corporate Training Programs on Secure Software Development
“Security Engineering Training: A Framework for Corporate Training Programs on the Principles of Secure Software Development” outlines the fundamentals of a security engineering training program based on an analysis of the shared experiences of SAFECode members. It is not meant to provide a curriculum, but rather a framework that can be put into place to facilitate successful training initiatives across diverse corporate cultures, development environments and product requirements. Companies can use the framework to focus on the knowledge and skills that are most important to the needs of their programs, and thus meet their corporate objectives.
“Ensuring that every person involved in defining and building software applications has the security knowledge required to do it in a secure manner is fundamental to the success of software assurance programs,” said
An analysis of the software assurance programs of SAFECode members revealed that each successful effort has been supported by internally developed security engineering training directed at those responsible for the development of the software they produce, including product managers, project managers, architects/designers, developers and testers. While the review of the training efforts of SAFECode members demonstrated that internal training programs are most effective when customized to unique corporate needs, the programs share common elements that can greatly contribute to overall success. The most important of these was the need to create a solid base of foundational knowledge across the entire product team. Every SAFECode member has found that this level of awareness training is critical to establishing a security-aware culture and changing the specific behaviors of developers and assurance professionals.
“The lack of security engineering awareness and education among the software engineering workforce can be a significant obstacle to information and communications technology corporations working to implement effective software assurance programs,” said
A full copy of “Security Engineering Training: A Framework for Corporate Training Programs on the Principles of Secure Software Development” is available for free download at http://www.safecode.org/publications.php. SAFECode will update the paper periodically to reflect changes in the software assurance landscape and its work on advancing security engineering education and training.
The Software Assurance Forum for Excellence in Code (SAFECode) is a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods. SAFECode is a global, industry-led effort to identify and promote best practices for developing and delivering more secure and reliable software, hardware and services. Its members include EMC Corporation, Juniper Networks, Inc., Microsoft Corp., Nokia, SAP AG and Symantec Corp. For more information, please visit www.safecode.org.
Media Contact: Stacy Simpson, SAFECode, +1 202 262 7057, firstname.lastname@example.org