Many folks acknowledge that outsourcing poses additional challenges to 
enterprises. OWASP has done a wonderful job in terms of creating boilerplate 
for procuring software, but nothing exists in terms of procuring services. What 
is the best entity to create standard boilerplate for outsourcing?

Large enterprises have information protection policies which are statements of 
controls that can be audited by firms such as Deloitte. Are there any good 
examples of "controls" that enterprises have adopted in terms of secure coding 
practices that are publicly available?

One thought that I had is that secure coding practices could be pervasively 
implemented if we as a community started to serve on non-profit advisory boards 
as these folks are the most exposed. How does one find opportunities to serve 
in this capacity?




_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________