On a slightly tangential note, and apologies if this was mentioned on this list previously, OWASP has some guidelines on how consumers can write up contracts with their vendors related to secure software:
http://www.owasp.org/index.php/OWASP_Secure_Software_Contract_Annex

- Steve

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________