Another FYI today... I saw an interesting article in GCN (via a link from LinuxSecurity.com) regarding an announcement from the folks at Ounce Labs. The article (which is at http://www.gcn.com/23_26/product-briefs/27167-1.html for those interested) states, "Ounce Labs has published sample contract language for software development that sets specific security standards and requires a security audit of the source code. The language frees the buyer from having to pay for software that does not meet the standards."
Anyone here familiar with any organizations that have adopted Ounce Labs' contract verbiage -- or something conceptually similar to it?

Cheers,

Ken van Wyk
--
KRvW Associates, LLC
http://www.KRvW.com