WebApp Sec mailing list archives

Re: Software security specifications


From: "Jeff Williams" <jeff.williams () aspectsecurity com>
Date: Tue, 22 Feb 2005 00:22:40 -0500

Check out the OWASP Secure Software Development Contract Annex (http://www.owasp.org/documentation/legal.html).

Everyone involved with a software contracting relationship of any kind, even within a single application team, should have a discussion about security. This document is a *starting point* and is intended to facilitate that discussion.

Please let the team know if this document is helpful, or if you don't like the model. We're actively trying to improve the document.

--Jeff

Jeff Williams
The OWASP Foundation
www.owasp.org

----- Original Message -----
From: <i.matilde () gmail com>
To: <webappsec () securityfocus com>; <secprog () securityfocus com>
Sent: Monday, February 21, 2005 11:17 AM
Subject: Software security specifications


I need to develop a policy that will list security requirements for
new applications developed internally or by contractors, general
specifications like validate input, etc. I am looking for some good
resources on the subject, any recommendations?

Best Regards,

Shawn

