Industry group tackles software supply chain attacks

By Phil Muncaster on Jul 22, 2009 8:34 AM
Filed under Technology

New SafeCode framework offers best practice guide to software integrity.

Not-for-profit organisation the Software Assurance Forum for Excellence in Code (SafeCode) today announced a new industry-led resource designed to help suppliers prevent software being deliberately compromised during sourcing, development or distribution.

The Software Supply Chain Integrity Framework (PDF) was jointly developed by SafeCode members, including SAP, EMC, Symantec, Microsoft, Nokia and Juniper Networks.

SafeCode said that the framework is designed to address so-called supply chain attacks, in which malicious code is intentionally inserted into software during its development or maintenance.

Secure code development is only one element of software assurance, however, and the software creation and delivery processes must also include integrity controls to enable vendors to deliver uncompromised products, according to SafeCode.

"While SafeCode members have individually implemented software integrity practices, this is the first time that the industry has come together to establish a common framework for ensuring the integrity of software through the global supply chain," said Paul Kurtz, executive director of SafeCode.

"This framework will serve as the foundation for subsequent work aimed at identifying and analysing software integrity best practices, and represents a critical step forward in the industry's efforts to advance software assurance."

 
Follow us on Facebook and Twitter
 

Copyright ©v3.co.uk

Industry group tackles software supply chain attacks
 
 
 
 
 
Top Stories
iPad full-year sales tipped to decline for first time
"Massive deceleration" in global tablet market, reports IDC.
 
Sydney reseller lands leading role with Hoyts cinemas
Shoretel partners oust two incumbents for cinema's digital switch.
 
Eyes on ASX, Cirrus Networks recruits iiNet and L7 star duo
Acquisition veterans appointed chairperson and director.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Polls
What would help your business most?


Latest Comments
CRN Magazine

Issue: 333 | November 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.