Secure Coding mailing list archives
Misc Thoughts
From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Mon, 2 Apr 2007 10:45:16 -0400
Many folks acknowledge that outsourcing poses additional challenges to enterprises. OWASP has done a wonderful job in terms of creating boilerplate for procuring software, but nothing exists in terms of procuring services. What is the best entity to create standard boilerplate for outsourcing?

Large enterprises have information protection policies which are statements of controls that can be audited by firms such as Deloitte. Are there any good examples of "controls" that enterprises have adopted in terms of secure coding practices that are publicly available?

One thought that I had is that secure coding practices could be pervasively implemented if we as a community started to serve on non-profit advisory boards as these folks are the most exposed. How does one find opportunities to serve in this capacity?