Software Assurance Forum for Excellence in Code (SAFECode)

1. Application security control definition (Security requirements).

2. Design.

3. Secure coding practices (code standards, safe languages),

4. Manage security risk inherent in the use of 3rd party components.

5. Testing and validation.

6. Manage security findings (from previous steps).

7. Vulnerability response and dsiclosure (no perfectly secure product).

8. Planning the implementation and deployment of secure development (plan at organization level).

Overview