WebApp Sec mailing list archives
Re: Software security specifications
From: "Jeff Williams" <jeff.williams () aspectsecurity com>
Date: Tue, 22 Feb 2005 00:22:40 -0500
Check out the OWASP Secure Software Development Contract Annex (http://www.owasp.org/documentation/legal.html)
Everyone involved with a software contracting relationship of any kind, even within a single application team, should have a discussion about security. This document is a *starting point* and is intended to facilitate that discussion.
Please let the team know if this document is helpful, or if you don't like the model. We're actively trying to improve the document.
--Jeff Jeff Williams The OWASP Foundation www.owasp.org----- Original Message ----- From: <i.matilde () gmail com>
To: <webappsec () securityfocus com>; <secprog () securityfocus com> Sent: Monday, February 21, 2005 11:17 AM Subject: Software security specifications
I need to develop a policy that will list security requirements for new applications developed internally or by contractors, general specifications like validate input ecc...., I am looking for some good resources on the subject, any recommendations? Best Regards,Shawn
Current thread:
- Software security specifications i.matilde () gmail com (Feb 21)
- Re: Software security specifications Jeff Williams (Feb 21)
- Re: Software security specifications udayan pathak (Feb 21)
- Re: Software security specifications i.matilde () gmail com (Feb 23)
- Re: Software security specifications Angelo Perniola (Feb 23)
- Re: Software security specifications Andrew van der Stock (Feb 23)