Ken, in terms of a previous response to your posting in terms of getting customers to ask for secure coding practices from vendors, wouldn't it start with figuring out how they could simply cut-and-paste InfoSec policies into their own?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of McGovern, James F (HTSC, IT) Sent: Thursday, March 08, 2007 11:17 AM To: SC-L@securecoding.org Subject: [SC-L] Information Protection Policies Hopefully lots of the consultants on this list have been wildly successful in getting Fortune enterprises to embrace secure coding practices. I am curious to learn of those who have also been successful in getting these same Fortune enterprises to incorporate the notion of secure coding practices into an information protection policy and whether there are any publicly available examples. ************************************************************************* This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. ************************************************************************* _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________