WebApp Sec mailing list archives
Free Outsourcing Software Security Webcast
From: "Mark Curphey" <mark () curphey com>
Date: Tue, 9 Nov 2004 13:10:32 -0500
Shameless self-promotion ;-) http://www.foundstone.com/resources/webcasts.htm Title: Trust but Verify: How to Manage Risk in Outsourced Applications Date: November 18th Time: 8:00 EST Speakers: Mark Curphey of Foundstone and Jack Danahy of Ounce Labs Organizations are outsourcing application development more than ever before, with $48 billion in projects annually expected by 2007. Very few of those projects have adequately managed the security risks involved in developing critical applications out-of-house, largely because they lack the ability to measure the results effectively. The right planning, tools, and contract requirements, combined with reliable metrics on which to base acceptance criteria, can reduce those risks dramatically. This presentation will describe suggested methods for developing an outsourcer report card to: 1) Ensure proper security programs are in place 2) Most effectively analyze outsourced applications 3) Use that data to measure the security state of the delivered code 4) Develop baseline metrics to use as security acceptance criteria Kind regards, Mark
Current thread:
- Free Outsourcing Software Security Webcast Mark Curphey (Nov 09)