SecurityFocus

Software security specifications Feb 21 2005 04:17PM
i.matilde@gmail.com (i matilde gmail com) (3 replies)

Re: Software security specifications Feb 22 2005 04:31PM
Angelo Perniola (perniola gmail com) (1 replies)

Re: Software security specifications Feb 24 2005 03:46AM
Andrew van der Stock (vanderaj greebo net)

Re: Software security specifications Feb 22 2005 07:04AM
udayan pathak (udayan_pathak yahoo com) (1 replies)

Re: Software security specifications Feb 22 2005 03:53PM
i.matilde (at) gmail (dot) com [email concealed] (i matilde gmail com)

Re: Software security specifications Feb 22 2005 05:22AM
Jeff Williams (jeff williams aspectsecurity com)

Check out the OWASP Secure Software Development Contract Annex
(http://www.owasp.org/documentation/legal.html)

Everyone involved with a software contracting relationship of any kind, even
within a single application team, should have a discussion about security.
This document is a *starting point* and is intended to facilitate that
discussion.

Please let the team know if this document is helpful, or if you don't like
the model. We're actively trying to improve the document.

--Jeff

Jeff Williams
The OWASP Foundation
www.owasp.org

----- Original Message -----
From: <i.matilde (at) gmail (dot) com [email concealed]>
To: <webappsec (at) securityfocus (dot) com [email concealed]>; <secprog (at) securityfocus (dot) com [email concealed]>
Sent: Monday, February 21, 2005 11:17 AM
Subject: Software security specifications

>I need to develop a policy that will list security requirements for
> new applications developed internally or by contractors, general
> specifications like validate input ecc...., I am looking for some good
> resources on the subject, any recommendations?
>
> Best Regards,
>
> Shawn

[ reply ]