Vendors have agreed to share best practices in product and services development with governments and academics, in an effort to increase security of infrastructure.
Microsoft, EMC, SAP, Juniper and Symantec unveiled the Software Assurance Forum for Excellence in Code (SAFECode) at the RSA Security conference in London on Tuesday. It will exchange data on security threats and try to formulate new ways to build secure code.
The founders, who have invested $50,000 each into the initiative in annual membership dues, claim SAFECode is the first global, industry-led initiative to identify and share best practices for software, hardware and services development.
SAFECode will be headed by security expert Paul Kurtz, currently a partner at Good Harbor Consulting, who has also served in senior positions on the White House’s National Security and Homeland Security Councils, and was a founding executive director at the Cyber Security Industry Alliance.
"It’s not a standards body or a lobbying organisation. By promoting the individual best practices of firms we get the greatest chance to improve overall best practices,” said Kurtz. While individual vendors have developed effective methods for developing and delivering more secure and reliable software, everyone has largely worked in isolation.
The technology heavyweights have called on other vendors to join the non-profit organisation, as well as governments and critical infrastructure providers.
The organisation will form three groups, including one technical in nature and one which will deal with matters at a public policy level, as well as advisory groups for government, academia and critical infrastructure providers.
On the question of whether open source community would be able to join, Kurtz said: “Anyone is welcome to work with us. There are security concerns in the open source world too.”