Secure Coding mailing list archives

Re: informIT: vBSIMM (BSIMM for Vendors)

From: Tom Brennan <tomb () owasp org>
Date: Wed, 13 Apr 2011 02:47:43 -0400

Think we have a updated topic panel for JPMC OWASP Event in NYC

https://www.owasp.org/index.php/NYNJMetro

Sent from a mobile device

On Apr 12, 2011, at 7:38 PM, "Kevin W. Wall" <kevin.w.wall () gmail com> wrote:

On 04/12/2011 04:32 PM, James Manico wrote:

Hi Gary,

You may wish to consider the OWASP Legal Project at
https://www.owasp.org/index.php/Category:OWASP_Legal_Project which is
a positive, free, and open resource to assist in building legal
contractal agreements around software security with your vendors.

The state of NY procurement and others have been using this material
as a basis for vendor contract language for years.


Along the same lines, the SANS Institute has formulated their
   "Application Security Procurement Language"
   <http://www.sans.org/appseccontract/>
While IANAL seems to be heavily borrowed (with proper acks) from the
OWASP Legal Project.

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________


_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

Current thread:

informIT: vBSIMM (BSIMM for Vendors) Gary McGraw (Apr 12)
- Re: informIT: vBSIMM (BSIMM for Vendors) James Manico (Apr 12)
  - Re: informIT: vBSIMM (BSIMM for Vendors) Kevin W. Wall (Apr 12)
    - Re: informIT: vBSIMM (BSIMM for Vendors) Tom Brennan (Apr 13)
- Re: informIT: vBSIMM (BSIMM for Vendors) Steven M. Christey (Apr 12)