Secure Coding mailing list archives
FW: How Can You Tell It Is Written Securely?
From: marcinw86 at gmail.com (Marcin Wielgoszewski)
Date: Mon, 1 Dec 2008 11:06:23 -0500
Steven,

There are more than several managers of application security programs for F-100 companies that have written security requirements into their SLAs with outsourced development firms. One example uses application penetration testing and vulnerability assessment findings to enforce SLA requirements. Some companies employ an entire team of people to perform both whitebox and blackbox testing in addition to external/3rd-party assessments.

And as you later state, security requirements should be written into the functional requirements, and not handed off in their own category or as some appendix document.

-Marcin
tssci-security.com

On Mon, Dec 1, 2008 at 9:59 AM, Herman Stevens <herman.stevens at astyran.be> wrote:
I tend to disagree with your statement that security requirements should be part of contractual agreements or added to a purchase order. In the Real World (? ?) this does not work. Once signed, contracts are never looked at again, unless the shit hits the fan and someone must be blamed for something that went wrong. Development teams (which is a lot broader than the term developers) _never_ read contracts or look at purchase orders.