What to ask software vendors about their security practices
It is hard to find out whether software is secure, but the Software Assurance Forum for Excellence in Code (SAFECode) has issued guidelines to make this easier, especially for companies trying to decide which products to buy.
The group published the study “Principles for Software Assurance Assessment”, which recommends some questions that corporate software buyers should ask their suppliers so that they end up with products less prone to security breaches.
One of the major problems these buyers face is that they do not know the relevant questions to ask, says Eric Baize, president of SAFECode and senior director of product safety and reliable engineering at EMC.
To arrive at these questions, SAFECode interviewed its members, including Adobe Systems, CA Technologies, EMC, Intel, Microsoft, SAP, Siemens and Symantec, to learn what documentation they give customers. It also asked prominent companies that buy software which questions they find useful to ask and what information they find useful to receive from sellers, according to the white paper.
The concerns raised by customers and suppliers reveal that the two sides are often not on the same page, even though both want the same thing: ensuring that the software is safe and secure.
For example, customers say they need to understand whether a software vendor has a secure development process and whether it was applied to the product they are considering buying.
At the same time, software vendors say there is no agreement on what specifically customers should ask, and that some of the things they request are not actually aligned with real-world secure development practices.