Application Security Procurement Language

After publishing the SANS Top 25 Application security issues list, a small group of people in New York state have provided a set of contract language and requirements which organizations can use to ensure software development contracts have appropriate requirements for ensuring security. Although the vendor communities might not be thrilled by the prospect of having to train and maintain the security skills of their development staff, I would agree that this type of control goes a long way to ensuring issues get resolved at the source.


Popular Posts