The SDL Pro Network

The SDL Pro Network is a group of security consultants, training companies, and tool providers that specialize in application security and have substantial experience and expertise with the methodology and technologies of the SDL.

The services offered by the SDL Pro Network are designed to span the entire lifecycle and make security and privacy an integral part of how software is developed.

Contact a member of the SDL Pro Network to accelerate the optimization of your software security process. To learn more about the expertise of SDL Pro Network members, read the SDL Pro Network case studies or watch the webcasts.

  • Consulting Members

    • Accuvant Labs
    • Denver, CO

      Atlanta, GA

      Chicago, IL

    Accuvant Labs service offerings provide comprehensive analysis of mission-critical software, ensuring security threats are identified, an effective application security risk management program is put into place and ultimately all risks are mitigated. Our industry leading assessors leverage comprehensive testing methodologies to analyze critical applications within our clients' environments. Our methodology and approach are comprehensive and tightly integrated directly into clients’ development environments. We adhere to an open, comprehensive and interactive consulting methodology to ensure our clients understand how we are testing their applications and are updated on our findings.

    • Aspect Security
    • Columbia, MD

    Aspect provides application security services and programs for organizations with critical applications. Our positive approach focused on key application security controls makes application security manageable and is designed to be as cost-effective as possible. We bring together business and executive management, software development, and security and audit groups to enable informed decisions about the risks of insecure applications. Our balanced programs, including training (both instructor led and e-Learning), development, architecture and process support, and verification services will help you improve your application security and your ability to manage cost and risk.

    • Aujas
    • Jersey City, NJ

      Bangalore, India

      Sharjah, UAE

    Aujas, an International Data Group (IDG) company, is a global Information Risk Management services company. Our IRM consultants work with your management team to align information risk with business initiatives, so that security becomes a business driver and competitive advantage rather than a financial burden for your company. Our holistic approach focuses on your business fundamentals and how they interrelate with risk mitigation strategy, governance, compliance, and other strategic information issues.

    We offer global clients:

    • Information Risk Advisory services
    • Secure Development Life Cycle services
    • Identity and Access Management services
    • Managed Information Risk services
    • Vulnerability Management services

    • BAE Systems Detica
    • London, United Kingdom

      Canberra, Australia

      Kuala Lumpur, Malaysia

      Boston, USA

    BAE Systems Detica is a global business that delivers information intelligence solutions to government and commercial customers. We help them collect, exploit and manage data so they can deliver critical business services more effectively and economically. We also develop solutions to strengthen national security and resilience.

    We integrate and deliver world-class solutions to our customers’ most complex operational problems – often applying our own unique intellectual property. Our services include cyber security, managing risk and compliance, data analytics, systems integration and managed services, strategy and business change and the development of innovative software and hardware technologies.

    We provide Common Criteria and FIPS consulting and evaluation services through licensed evaluation facilities in Australia and Malaysia. With this technical depth and membership in the SDL Pro Network, we are uniquely placed to help organizations build security into applications from the start.


    • Booz Allen Hamilton
    • McLean, VA

    Booz Allen Hamilton has been at the forefront of strategy and technology consulting for nearly a century. Booz Allen possesses the ability to design, develop, and deploy secure software, as well as verify the existence of weaknesses in systems. We have extensive experience in applying security best practices throughout the development lifecycle to minimize the occurrence of software defects that can put data and systems at risk. We provide our clients with a deep and diverse software assurance program that enhances their approach to software security beyond the traditional compensatory security controls.

    • Casaba
    • Seattle, WA

    Casaba Security is a select group of technology security consultants and developers with a reputation for relentlessly researching, developing and implementing innovative solutions to the most difficult security problems. They do this by providing in-depth product security reviews - analyzing requirements and design decisions, and performing SDL-required security testing. Casaba is constantly seeking out and evaluating the best tools and technologies for their clients’ needs. When they don’t exist, they build them. Contact us to request a free consultation.

    • cigital
    • Santa Clara, CA

      New York City, NY

    At Cigital, we are proud of our extensive experience running a significant number of large-scale enterprise software security initiatives spanning customers in financial services, independent software vendors, gaming, retail and embedded systems. Established in 1992, we have trained several thousand developers, architects and executives on the fundamentals of software security. We have rolled out tools and best practices for many of our best customers. Cigital is the largest and most experienced software security services provider in the world and as a member of the SDL Pro Network, Cigital will be able to bring its extensive experience in delivering software security initiatives.

    • Consult Comply
    • Herndon, VA

    Consult2Comply is a specialized enterprise Governance, Risk and Compliance software and services provider founded by information security, risk and compliance professionals with over 25 years of GRC auditing and consulting experience. The C2C methodology aligns an organization’s compliance strategy with specific business objectives. C2C’s products automate the costly manual processes associated with compliance initiatives, performing tasks in hours that normally take days. We provide stakeholders with a sustainable business-centric common operating compliance framework. We refer to this as B-GRC. This blended approach of software plus services as a compliance solution is continually being appreciated and validated by our growing international customer base.

    • Conviso
    • Curitiba, PR, Brazil

      Satellite offices: São Paulo, SP, Brazil

      Brasília, DF, Brazil

    Conviso is a consulting company specialized in network and application security services and in application security research. Our values are based on the allocation of the adequate competencies on the field, collaboration and partnership with our customers and business partners and constant investments on methodology and research improvement. Conviso maintains a virtual team dedicated to exploring our customers’ environments in order to identify technical vulnerabilities in software and hardware, developing real-world mitigation solutions and processes to maintain more secure environments.

    • IOActive
    • London, United Kingdom

      Seattle, WA

      New York, NY

    IOActive’s SDL Integration service is designed to help organizations integrate security into all phases of the software development process. Our consultants work alongside an organization’s project managers, security architects, and coders to identify efficient methods for integrating security into the overall development process. Covering the complete lifecycle of software development, from conception to deployment, IOActive reviews practices and tasks, providing strategic recommendations for the implementation of a security-focused development lifecycle, and identifying opportunities to increase the effectiveness of risk management for the enterprise.

    • iSEC PARTNERS
    • San Francisco, CA

      Seattle, WA

      New York, NY

    iSEC Partners is a full-service application, infrastructure and mobile security consulting company combining cutting edge research with an unflagging commitment to customer service. We provide practical solutions to some of the world’s most difficult security problems. iSEC Partners' practical and experience-driven approach to the SDL as an engineering quality discipline has made us the partner of choice for customers where security is an integral part of their world-changing innovations.

    • leviathan
    • Seattle, WA

    Leviathan Security Group is a professional information security firm made up of industry leading, security virtuosos. You have information and assets to protect, and we are the experts at your fingertips who will evolve the SDL aspects of your security program, so that it is flexible and inventive and can shift, change, and stay ahead of business developments and compliance standards. Our managers and engineers work seamlessly with a diverse multitude of businesses to design and evolve SDL stratagems; we create tools and programs that keep our clients ahead of the curve; we earned our title, SDL Pro Network Providers. Leviathan Security Group consistently travels to areas around the world to provide SDL training, consulting, or tools. We can also provide training via video conferencing.


    • LOCKHEED MARTIN
    • Corporate HQ: Bethesda, MD

      Satellite offices: Gaithersburg, MD (Information Systems & Global Solutions Business Area HQ)

      Valley Forge, PA

    Headquartered in Bethesda, Md., Lockheed Martin is a global security company that employs about 123,000 people worldwide and is principally engaged in the research, design, development, manufacture, integration and sustainment of advanced technology systems, products and services. The Corporation's net sales for 2011 were $46.5 billion. For additional information, visit our website: www.lockheedmartin.com.

    • nruns
    • Oberursel, Germany

    The n.runs AG, founded in 2001, has established itself on the market as a developer-independent and neutral consulting company for the sectors of IT security, IT infrastructure and IT-Business Consulting. The services provided by n.runs AG pursue a comprehensive approach and encompass auditing/assessment, design, support in the application of the latest technologies, along with process consulting and knowledge transfer. In 2008, n.runs AG became the only central European company to join the “Microsoft Security Development Lifecycle Pro Network”, followed by the implementation of the special sector “Security Development Lifecycle” which delivers high level SDL consulting and training services.

    • Paladion
    • Locations: Herndon, VA

      London, UK

      Bangalore, India

    At Paladion, we started breathing security from the day of our founding in 2000. We did our first application security engagement in 2003 and since then, we have built a full-service application security practice. We have over 100 application security engineers and we are still growing. Paladion is a full-service information security and risk-management company serving customers in over 20 countries. We have had the privilege to work with customers in financial services, ecommerce, media, telecommunications, retail, and healthcare to build and execute Microsoft Security Development Lifecycle (SDL) programs. Our customers leverage our SDL consulting, application security testing, and source code review services through our integrated global delivery model to build and strengthen their software/application security programs.

    • SAIC
    • McLean, VA

      San Diego, CA

    SAIC is a FORTUNE 500® scientific, engineering and technology applications company that uses its deep domain knowledge to solve problems of vital importance to the nation and the world, in national security, energy and the environment, critical infrastructure, and health. We do this with the constant and deliberate commitment to ethical performance and integrity that has marked SAIC since its founding.

    • STACH&LIU
    • Phoenix, AZ

      San Francisco, CA

      Atlanta, GA

    Founded by industry experts in 2005, Stach & Liu provides security consulting services to the Fortune 1000, financial institutions, and governments. Our mission is to help companies secure their networks and applications with core services including: SDL program development, application security assessments, and secure development training.

    Our team has a track record of successfully working with clients throughout the Fortune 1000 to implement secure development programs. In addition, we have provided instructor-led secure development training for several thousand developers. With more than 100 years of combined security experience and a true passion for what we do, our expert team is ready to help your organization with SDL programs and services.


    • VERIZON business
    • Reading, United Kingdom

      Frankfurt am Main, Germany

      Contern, Luxembourg

    With employees in 321 offices and 75 countries, Verizon Business offers a consistent global service experience and dedicated local service and support. Regardless of whether your challenge is network, IT infrastructure, communications or security related, our Professional Services consultants have the expertise to assess, design, implement, and manage your information systems. We use proven methodologies and experience to evaluate your current systems, recommend improvements, and create an IT strategy that makes sense for your organization. The net result can help you increase productivity, control costs, and offer better customer service.

    As an SDL Pro Network member and a proven security solutions provider, Verizon Business EMEA offers leading Threat & Vulnerability consulting expertise (incl. on-site SDL evangelists, adhoc SDL consultancy, SDL pilot programs, secure coding guidelines and developer trainings) to help enterprises develop secure, robust development lifecycles, leveraging relationships with leading Secure Code Review vendors to offer enterprise solutions that yield results.

  • Tools Members

    • Beyond Security
    • Cupertino, CA

      Reading, United Kingdom

      Mount Colah, Australia

    Beyond Security's automated security testing technologies discover and report security weaknesses in corporate networks, web applications and software. We help businesses and governments automate the assessment and management of their security status thus securing them against data loss, meeting security policy requirements and exceeding industry testing standards with a fraction of the normal manpower investment.

    beSTORM is an enterprise level 'smart fuzzer' that performs comprehensive software security analysis and discovers vulnerabilities during development and after release. beSTORM tests all major protocols and 'auto learns' new protocols on the fly. Highlights: Automated binary and textual analysis, advanced debugging and stack tracing.


    • Codenomicon
    • Oulu, Finland

      Cupertino, CA

      Hong Kong

    Codenomicon develops automated security and quality testing software for testing business or mission critical products, before deployment. Codenomicon's intelligent model-based fuzzers achieve unparalleled efficiency in finding both known and unknown weaknesses. Software developers, testers and security auditors in e.g. the finance, telecommunication and defense industries rely on Defensics to harden systems, mitigate cyber-security threats and improve their Quality of Service. Codenomicon's off-the-shelf DEFENSICS solutions provide an easy way of integrating fuzzing into the SDL. These software based tools cover all standard or proprietary protocols. Codenomicon also offers an extensive range of services, including training, security audits and test lab management.

    • FORTIFY
    • San Mateo, CA

    Fortify®'s Software Security Assurance (SSA) products and services protect companies from threats posed by security flaws in software applications – helping identify and resolve critical application vulnerabilities. Fortify solutions, professional services and training span all phases of the SDL helping organizations implement repeatable processes essential in secure development best practices.

    Fortify’s customers include government and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners.


    • McCabe
    • Cranston, RI

      Columbia, MD

    McCabe Software has provided Software Quality Management solutions for over 30 years. McCabe IQ analyzes the security vulnerability, quality, and testing of critical applications, utilizing a comprehensive set of software metrics including the McCabe-authored Cyclomatic Complexity metric and exclusive “Basis Path” coverage technology. McCabe IQ is built for software engineers and security analysts who need to execute security or vulnerability analysis on complex software. Unlike other security solutions, McCabe IQ uses a path-oriented approach, enabling engineers to understand interactions and verify exploitable paths within a codebase. This is crucial when determining exploitability, modeling attack space, and performing vulnerability analysis.

    • Mu Dynamics
    • Sunnyvale, CA

    Mu Dynamics is the leader in testing NGN services, enabling customers to meet the challenges of deploying services for the iGeneration. Unlike legacy testing tools, Mu transforms actual service interactions into test scenarios using our patent-pending Active Service Replication (ASR) technology. Mu allows customers to accurately test complex services including triple play, mobile, and cloud, empowering them to innovate with confidence and deliver high quality services.

    The Mu Test Suite provides critical value to all test organizations implementing the SDL. Mu Test Suite helps improve resiliency and robustness, shortens release cycles and makes issue resolution more efficient.

  • Training Members

    • Safelight
    • Providence, RI

      Seattle, WA

    Safelight is a leader in security education—our integration of deep security expertise and innovative approaches to interactive learning sets us apart. We offer a full range of instructor-led and on-demand security courses for developers, architects, QA testers and managers. Our courses for development teams begin with an overview of fundamental secure coding principles. Students learn the many ways in which vulnerabilities in software code may be exploited by attackers and are shown the value of secure development. Building on this understanding of the risks inherent in software development, students learn solid architecture, design, testing and implementation principles.

    • SANS
    • Bethesda, MD

    SANS is the best and most trusted source for information and computer security training. We offer training through several delivery methods - live & virtual conferences, mentors, online, and onsite. Our computer security courses are developed by industry leaders in numerous fields including network security, forensics, audit, security leadership, and application security. Courses are taught by real-world practitioners who are the best at ensuring you not only learn the material, but that you can apply it immediately when you return to the office.

    • Security Compass
    • Shrewsbury, NJ, USA

      Toronto, ON, Canada

    Security Compass is an industry-leading information security consulting firm, specializing in secure software development and training. We have in-depth knowledge of information security and software engineering, and an unmatched commitment to professionalism and training quality. We help the world's most security conscious companies to build trustworthy software from the ground up. As a proud member of the Microsoft SDL Pro Network, we provide interactive and hands-on training for all participants in the SDLC. Request a custom managed enterprise training program composed of courses in various delivery formats: onsite, instructor-led remote, and web-based.

    Security Innovation (SI) focuses on the most difficult problems of IT security - those at the application layer. The company’s training, assessment, and consulting solutions help organizations roll out software applications that are secure and in compliance. SI has a longstanding relationship with Microsoft and is extremely adept in the company’s technologies and the Microsoft SDL. With more than 30 eLearning courses, secure development methodologies, and consulting services that can isolate problems at any phase of the development process (or within the process itself), SI can help your organization adopt or refine the SDL with optimum efficiency and minimal disruption.
  • Consulting Members

    • SAIC
    • McLean, VA

      San Diego, CA

    SAIC is a FORTUNE 500® scientific, engineering and technology applications company that uses its deep domain knowledge to solve problems of vital importance to the nation and the world, in national security, energy and the environment, critical infrastructure, and health. We do this with the constant and deliberate commitment to ethical performance and integrity that has marked SAIC since its founding. Contact
  • Consulting Members

    • STACH&LIU
    • Phoenix, AZ

      San Francisco, CA

      Atlanta, GA

    Founded by industry experts in 2005, Stach & Liu provides security consulting services to the Fortune 1000, financial institutions, and governments. Our mission is to help companies secure their networks and applications with core services including: SDL program development, application security assessments, and secure development training.

    Our team has a track record of successfully working with clients throughout the Fortune 1000 to implement secure development programs. In addition, we have provided instructor-led secure development training for several thousand developers. With more than 100 years of combined security experience and a true passion for what we do, our expert team is ready to help your organization with SDL programs and services.

    Contact
  • Consulting Members

    • VERIZON business
    • Reading, United Kingdom

      Frankfurt am Main, Germany

      Contern, Luxembourg

    With employees in 321 offices and 75 countries, Verizon Business offers a consistent global service experience and dedicated local service and support. Regardless of whether your challenge is network, IT infrastructure, communications or security related, our Professional Services consultants have the expertise to assess, design, implement, and manage your information systems. We use proven methodologies and experience to evaluate your current systems, recommend improvements, and create an IT strategy that makes sense for your organization. The net result can help you increase productivity, control costs, and offer better customer service.

    As an SDL Pro Network member and a proven security solutions provider, Verizon Business EMEA offers leading Threat & Vulnerability consulting expertise (incl. on-site SDL evangelists, ad hoc SDL consultancy, SDL pilot programs, secure coding guidelines and developer trainings) to help enterprises develop secure, robust development lifecycles, leveraging relationships with leading Secure Code Review vendors to offer enterprise solutions that yield results.

    Contact
  • Tools Members

    • Beyond Security
    • Cupertino, CA

      Reading, United Kingdom

      Mount Colah, Australia

    Beyond Security's automated security testing technologies discover and report security weaknesses in corporate networks, web applications and software. We help businesses and governments automate the assessment and management of their security status thus securing them against data loss, meeting security policy requirements and exceeding industry testing standards with a fraction of the normal manpower investment.

    beSTORM is an enterprise level 'smart fuzzer' that performs comprehensive software security analysis and discovers vulnerabilities during development and after release. beSTORM tests all major protocols and 'auto learns' new protocols on the fly. Highlights: Automated binary and textual analysis, advanced debugging and stack tracing.

    Contact
  • Tools Members

    • Codenomicon
    • Oulu, Finland

      Cupertino, CA

      Hong Kong

    Codenomicon develops automated security and quality testing software for testing business or mission critical products, before deployment. Codenomicon's intelligent model-based fuzzers achieve unparalleled efficiency in finding both known and unknown weaknesses. Software developers, testers and security auditors in e.g. the finance, telecommunication and defense industries rely on Defensics to harden systems, mitigate cyber-security threats and improve their Quality of Service. Codenomicon's off-the-shelf DEFENSICS solutions provide an easy way of integrating fuzzing into the SDL. These software based tools cover all standard or proprietary protocols. Codenomicon also offers an extensive range of services, including training, security audits and test lab management. Contact
  • Tools Members

    • FORTIFY
    • San Mateo, CA

    Fortify®'s Software Security Assurance (SSA) products and services protect companies from threats posed by security flaws in software applications – helping identify and resolve critical application vulnerabilities. Fortify solutions, professional services and training span all phases of the SDL helping organizations implement repeatable processes essential in secure development best practices.

    Fortify’s customers include government and FORTUNE 500 companies in a wide variety of industries, such as financial services, healthcare, e-commerce, telecommunications, publishing, insurance, systems integration and information management. The company is backed by world-class teams of software security experts and partners.

    Contact
  • Tools Members

    • McCabe
    • Cranston, RI

      Columbia, MD

    McCabe Software has provided Software Quality Management solutions for over 30 years. McCabe IQ analyzes the security vulnerability, quality, and testing of critical applications, utilizing a comprehensive set of software metrics including the McCabe-authored Cyclomatic Complexity metric and exclusive “Basis Path” coverage technology. McCabe IQ is built for software engineers and security analysts who need to execute security or vulnerability analysis on complex software. Unlike other security solutions, McCabe IQ uses a path-oriented approach, enabling engineers to understand interactions and verify exploitable paths within a codebase. This is crucial when determining exploitability, modeling attack space, and performing vulnerability analysis. Contact
  • Tools Members

    • Mu Dynamics
    • Sunnyvale, CA

    Mu Dynamics is the leader in testing NGN services, enabling customers to meet the challenges of deploying services for the iGeneration. Unlike legacy testing tools, Mu transforms actual service interactions into test scenarios using our patent-pending Active Service Replication (ASR) technology. Mu allows customers to accurately test complex services including triple play, mobile, and cloud, empowering them to innovate with confidence and deliver high quality services.

    The Mu Test Suite provides critical value to all test organizations implementing the SDL. Mu Test Suite helps improve resiliency and robustness, shortens release cycles and makes issue resolution more efficient.

    Contact
  • Training Members

    • Safelight
    • Providence, RI

      Seattle, WA

    Safelight is a leader in security education—our integration of deep security expertise and innovative approaches to interactive learning sets us apart. We offer a full range of instructor-led and on-demand security courses for developers, architects, QA testers and managers. Our courses for development teams begin with an overview of fundamental secure coding principles. Students learn the many ways in which vulnerabilities in software code may be exploited by attackers and are shown the value of secure development. Building on this understanding of the risks inherent in software development, students learn solid architecture, design, testing and implementation principles. Contact
  • Training Members

    • SANS
    • Bethesda, MD

    SANS is the best and most trusted source for information and computer security training. We offer training through several delivery methods - live & virtual conferences, mentors, online, and onsite. Our computer security courses are developed by industry leaders in numerous fields including network security, forensics, audit, security leadership, and application security. Courses are taught by real-world practitioners who are the best at ensuring you not only learn the material, but that you can apply it immediately when you return to the office. Contact
  • Training Members

    • Security Compass
    • Shrewsbury, NJ, USA

      Toronto, ON, Canada

    Security Compass is an industry-leading information security consulting firm, specializing in secure software development and training. We have in-depth knowledge of information security and software engineering, and an unmatched commitment to professionalism and training quality. We help the world's most security conscious companies to build trustworthy software from the ground up. As a proud member of the Microsoft SDL Pro Network, we provide interactive and hands-on training for all participants in the SDLC. Request a custom managed enterprise training program composed of courses in various delivery formats: onsite, instructor-led remote, and web-based. Contact
  • Training Members

    Security Innovation (SI) focuses on the most difficult problems of IT security - those at the application layer. The company’s training, assessment, and consulting solutions help organizations roll out software applications that are secure and in compliance. SI has a long-standing relationship with Microsoft and is extremely adept in the company’s technologies and the Microsoft SDL. With more than 30 eLearning courses, secure development methodologies, and consulting services that can isolate problems at any phase of the development process (or within the process itself), SI can help your organization adopt or refine the SDL with optimum efficiency and minimal disruption. Contact