WebApp Sec mailing list archives
SAS 70 and software policies
From: "James Strassburg" <JStrassburg () directs com>
Date: Fri, 30 Sep 2005 09:45:24 -0500
My organization is currently preparing for a SAS 70 audit. We started writing web application security standards a while ago. That got extended to a software engineering security policy, and that got extended to a full software engineering policy covering our entire SDLC.

My question is not about web app sec, however, but rather user-developed macros. Should user (and by user I mean non-software developer) developed macros be subject to the same software lifecycle that our production apps would? If not, what about if the macros hit production databases or other production network resources?

This is the best channel I can think of for this question, so I apologize if it is inappropriate. If anyone knows of a better channel, please let me know.

Thanks.

James A. Strassburg Jr.
Software Security Architect
Direct Supply, Inc.