Contracting for Secure Code
Chris Wysopal, 2009-03-06

Forcing suppliers to attest to the security of provided software is gaining adherents: Just ask Kaspersky Lab.

Comments:
Third-party software 2009-03-11
Andre Gironda
Yes, but you're missing the most important part of these kinds of contracts.

I think it's super-important for contracts to include language to have a supportable application, regardless of where software security fits into: feature requests, functional requirements, non-functional requirements, so...

Caveat Emptor 2009-03-12
Ron
In other words, you are telling people to be careful when they contract code development. That is entirely reasonable, and these days it is a prudent action and could even be considered a "best practice".

The contract language you linked to is another issue. At the time the Top 25 list cam...

Copyright 2009, SecurityFocus