I
think I should have been more specific in my first post. I should have phrased
it as I have yet to find a large enterprise whose primary business isn't
software or technology that has made a significant investment in such
tools.
Likewise, a lot of large enteprrises are shifting away
from building inhouse to either outsourcing and/or buying which means that secure coding practices should also be enforced via procurement agreements. Has
anyone here ran across contract clauses that assist in this
regard?
-----Original Message-----Right, because their customers (are starting to) demand more secure code from their technology. In the enterprise space the financial, insurance, healthcare companies who routinely lose their customer’s data and provide their customers with vulnerability-laden apps have not yet seen the same amount of customer demand for this, but 84 million public lost records later ( http://www.privacyrights.org/ar/ChronDataBreaches.htm) this may begin to change.
From: Gunnar Peterson [mailto:[EMAIL PROTECTED]
Sent: Friday, June 09, 2006 8:48 AM
To: Brian Chess; Secure Mailing List; McGovern, James F (HTSC, IT)
Subject: Re: [SC-L] RE: Comparing Scanning Tools
-gp
On 6/9/06 1:45 AM, "Brian Chess" <[EMAIL PROTECTED]> wrote:
McGovern, James F wrote:
> I have yet to find a large enterprise that has made a significant investment in such tools.
I’ll give you pointers to two. They’re two of the three largest software companies in the world.
http://news.com.com/2100-1002_3-5220488.html
http://news.zdnet.com/2100-3513_22-6002747.html
Brian
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
*************************************************************************
This communication, including attachments, is
for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information. If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution is
strictly prohibited. If you are not the intended recipient, please notify
the sender immediately by return e-mail, delete this communication and
destroy all copies.
*************************************************************************
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php