On 04/12/2011 04:32 PM, James Manico wrote: > Hi Gary, > > You may wish to consider the OWASP Legal Project at > https://www.owasp.org/index.php/Category:OWASP_Legal_Project which is > a positive, free, and open resource to assist in building legal > contractal agreements around software security with your vendors. > > The state of NY procurement and others have been using this material > as a basis for vendor contract language for years.
Along the same lines, the SANS Institute has formulated their "Application Security Procurement Language" <http://www.sans.org/appseccontract/> While IANAL seems to be heavily borrowed (with proper acks) from the OWASP Legal Project. -kevin -- Kevin W. Wall "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We cause accidents." -- Nathaniel Borenstein, co-creator of MIME _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________