Misc Thoughts

[James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))]

Many folks acknowledge that outsourcing poses additional challenges to enterprises. OWASP has done a wonderful job in 
terms of creating boilerplate for procuring software, but nothing exists in terms of procuring services. What is the 
best entity to create standard boilerplate for outsourcing?

Large enterprises have information protection policies which are statements of controls that can be audited by firms 
such as Deloitte. Are there any good examples of "controls" that enterprises have adopted in terms of secure coding 
practices that are publicly available?

One thought that I had is that secure coding practices could be pervasively implemented if we as a community started to 
serve on non-profit advisory boards as these folks are the most exposed. How does one find opportunities to serve in 
this capacity.


*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information.  If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited.  If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************