Re: [SC-L] Information Protection Policies

2007-03-13 Thread Kenneth Van Wyk
On Mar 9, 2007, at 5:27 PM, McGovern, James F ((HTSC, IT)) wrote: Ken, in terms of a previous response to your posting in terms of getting customers to ask for secure coding practices from vendors, wouldn't it start with figuring out how they could simply cut-and- paste InfoSec policies into

Re: [SC-L] Information Protection Policies

2007-03-13 Thread Gary McGraw
- From: Kenneth Van Wyk [mailto:[EMAIL PROTECTED] Sent: Tue Mar 13 12:23:16 2007 To: Secure Coding Subject:Re: [SC-L] Information Protection Policies On Mar 9, 2007, at 5:27 PM, McGovern, James F ((HTSC, IT)) wrote: Ken, in terms of a previous response to your posting in terms

Re: [SC-L] Information Protection Policies

2007-03-10 Thread Steven M. Christey
On a slightly tangential note, and apologies if this was mentioned on this list previously, OWASP has some guidelines on how consumers can write up contracts with their vendors related to secure software: http://www.owasp.org/index.php/OWASP_Secure_Software_Contract_Annex - Steve

Re: [SC-L] Information Protection Policies

2007-03-09 Thread McGovern, James F (HTSC, IT)
Ken, in terms of a previous response to your posting in terms of getting customers to ask for secure coding practices from vendors, wouldn't it start with figuring out how they could simply cut-and-paste InfoSec policies into their own? -Original Message- From: [EMAIL PROTECTED]