News | Case Studies | Contact
Detailing Best Practices in Security Assurance and Software Development
SAFECode is dedicated to increasing trust in information and communications technology products and services through the advancement of proven software assurance methods.
The Challenge: Communicating the Tools and Processes in Software Development Lifecycle in a Broad and Understandable Way
For SAFECode's first white paper, the group wanted to capture best practices for incorporating security assurance into the software development lifecycle to improve product security and product quality. SAFECode asked Apex Assurance Group to draft the first whitepaper to tackle this important, complex subject.
The Apex Assurance Advantage: Capturing What the Best Companies Do to Build the Best Products
Security assurance is hard. The software development lifecycle is complex, and there is not a "one size fits all" model for software development processes. Apex drew from our resources' experience in the vendor and government world and interviewed Symantec, Microsoft, Cisco, and other leaders to gather case studies to exemplify the academic best practices presented in the paper.
The Result: Clarity in a Complex Subject
Apex leveraged experience and structured information-gathering techniques to develop a publicly available white paper that:
- Provided an excellent overview of security assurance
- Described the software development lifecycle
- Reviewed best practices for integrity controls within the software development lifecycle
- Included case studies from industry leaders on the incorporation of security assurance into the software development lifecycle
- Gave SAFECode a strong initial paper to solidify their introduction into the information security community
The final version of the whitepaper was trimmed significantly from the exhaustive research and information provided by Apex Assurance Group. The result is a clear, concise description of one of the most complex and misunderstood areas in the IT industry.