Safecode initiative fails to attract open source players
Industry group Safecode hasn't managed to encourage any open source players to join in its mission to improve the inherent security of software despite being around for nearly a year. Speaking at the RSA Security Conference Europe, in London, the organisation's executive director Paul Kurtz admitted that although the foundation of the organisation was announced at last year's show, the group hasn't managed to add any open source players to its ranks so far.
"It is in all our interests that there be a secure IT ecosystem," said Kurtz. "We would love to have the membership of open source providers in this organisation," he said. When asked what was preventing open source players from joining, Kurtz would not be drawn on an answer. "You would have to go to them for an answer to that," he said. "It is not us."
Open source specialist Red Hat's chief technology officer Brian Stevens said that he hadn't heard of Safecode and didn't know whether his company had been asked to join, but said that he would look into the organisation and see if there were any "benefits" in Red Hat becoming a member.
Despite the lack of cooperation from open source players, Safecode claims it is still thinking in terms of the needs of open source developers. The group recently published a Guide to Secure Development Practices, which it claims includes advice for developers in the FOSS community. "Where there are lists of compiler switches, some of them are for the GCC compiler, so it is a cross-platform look at secure practices," said Microsoft chief trustworthy infrastructure strategist and chairman of the Safecode board, Phil Reitinger.
Nokia, which recently acquired mobile operating system maker Symbian and decided to open source the platform, is also part of Safecode. But when asked whether the open source strategy around Symbian had been fed into its activities in Safecode, the company's head of product security and Safecode vice chairman, Janne Uusilehto, wouldn't be drawn on the impact of the move. "No. It has not affected this work. This work is fundamental and our goal with this is to get the whole industry to create secure software," he said.
Safecode claims it is taking a very "open approach" to its mission and is making all its findings and technical papers freely available. "Our two papers are up on the web, we really are trying to be an organisation to advance the cause of secure coding," said Kurtz. "We are trying to be open to others to join but we are very proud of what we have done already," said Kurtz.