SAFECode Driving Security and Integrity
 

PAPERS

Overview of Software Integrity Controls

An Assurance-Based Approach to Minimizing Risks in the Software Supply Chain. The new report provides actionable recommendations for minimizing the risk of vulnerabilities being inserted into a software product during its sourcing, development and distribution.

http://www.safecode.org/publications/SAFECode_Software_Integrity_Controls0610.pdf 2.3M

 
Framework for Software Supply Chain Integrity

First industry-driven framework for analyzing and describing the efforts of software suppliers to mitigate the potential that software could be intentionally compromised during its sourcing, development or distribution.

http://www.safecode.org/publications/SAFECode_Supply_Chain0709.pdf 1.4M

 
Security Engineering Training

A Framework for Corporate Training Programs on the Principles of Secure Software Development

http://www.safecode.org/publications/SAFECode_Training0409.pdf 1.9M

 
Fundamental Practices for Secure Software Development

Based on an analysis of the individual software assurance efforts of SAFECode members, the paper outlines a core set of secure development practices that can be applied across diverse development environments to improve software security.

http://www.safecode.org/publications/SAFECode_Dev_Practices1108.pdf 2.1M

 
Software Assurance: An Overview of Current Industry Best Practices

The report outlines the secure development methods and integrity controls currently used by SAFECode members to deliver high-assurance systems to government and commercial customers.

http://www.safecode.org/publications/SAFECode_BestPractices0208.pdf 1.7M
http://www.safecode.org/publications/SAFECode_BestPractices0208_plain.pdf 807K (less graphics)