More Secure Software for a Safer Digital Transformation

Many cyberattacks can be linked to a software vulnerability exploited by attackers seeking to gain unauthorized access to targeted organizations’ systems or applications. The digital transformation, which brings more software to smart connected devices, also creates more opportunities for attackers to exploit vulnerabilities.

We all have a role to play. The battle to ensure that organizations achieve the full potential of their digital transformation must be fought on two fronts:

  • Organizations need to transform their security by using a risk-driven, proactive approach, which at Dell we call “Security Transformation”.
  • Developers must build more secure software to minimize software vulnerabilities and the exposure of devices on which their software is deployed.

Developing more secure software is less about technology, and more about people and processes. It requires an industry-wide effort that focuses on educating software engineers and driving the adoption of a secure software development process.

In a recent blog post, I discussed the need to start teaching security to all developers at the time we teach them how to code, not years later, after they have graduated from college.

On the process side, I am excited to share that SAFECode recently released the Third Edition of its Fundamental Practices for Secure Software Development. Security experts from Dell EMC and from other SAFECode member companies have created this authoritative best practices guide based on their extensive experience in order to encourage the industry-wide adoption of secure development practices.

Successful digital transformation must be built on a foundation of secure software. Please help us drive adoption of secure development practices by sharing SAFECode’s Fundamental Practices for Secure Software Development with security practitioners and with every software professional in your organization.

About the Author: Eric Baize

Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell EMC’s Product Security Office and serves as Chairman of SAFECode, an industry-led non-profit organization dedicated to advancing software and supply chain security best practices. At Dell EMC, Eric leads the team that sets the standards and practices for all aspects of product security for the product portfolio: Vulnerability response, secure development, consistent security architecture, and code integrity. Eric joined Dell through its combination with EMC where he built EMC’s highly successful product security program from the ground up and was a founding member of the leadership team that drove EMC’s acquisition of RSA Security in 2006. He later led RSA’s strategy for cloud and virtualization. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US. Eric has been a member of the SAFECode Board of Directors since the organization was founded in 2007 and also serves on the BSIMM Board of Advisors. He holds multiple U.S. patents, has authored international security standards, is a regular speaker at industry conferences and has been quoted in leading print and online news media. Eric holds a Masters of Engineering degree in Computer Science from Ecole Nationale Supérieure des Télécommunications de Bretagne, France and is a Certified Information Security Manager. Follow Eric Baize on Twitter: @ericbaize