Re: [SC-L] Software security video podcast

2007-10-29 Thread Wisseman, Stan [USA]
If it isn't in the RFP then it's not a requirement, regardless of what the customer implicitly expected. DHS has a draft guide to raise the awareness of those in the acquisition process about the need for software security and how to include the RFP language.

Re: [SC-L] Software security video podcast

2007-10-29 Thread Shea, Brian A
IMO (IANAL) this is a position that is increasingly untenable as we move forward, especially in the consumer markets. As a customer I do, in fact, expect software to operate correctly (per features and functions promised / contracted) but also securely in that it doesn't contain bugs or insecure