On 04/12/2011 04:32 PM, James Manico wrote:
> Hi Gary,
> 
> You may wish to consider the OWASP Legal Project at
> https://www.owasp.org/index.php/Category:OWASP_Legal_Project which is
> a positive, free, and open resource to assist in building legal
> contractual agreements around software security with your vendors.
> 
> The state of NY procurement and others have been using this material
> as a basis for vendor contract language for years.

Along the same lines, the SANS Institute has formulated their
        "Application Security Procurement Language"
        <http://www.sans.org/appseccontract/>
While IANAL, it seems to be heavily borrowed (with proper acks) from the
OWASP Legal Project.

-kevin
-- 
Kevin W. Wall
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We cause accidents."        -- Nathaniel Borenstein, co-creator of MIME
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
