Source: owasp.org
Secure Software Development Contract Annex

Build Security In, Before the Building Begins

The OWASP Secure Software Development Contract Annex helps software developers and their clients negotiate and capture important contractual terms and conditions related to the security of the software to be developed or delivered. Most contracts are silent on these issues, and the parties frequently have dramatically different views on what has actually been agreed to. Clearly articulating these terms is the best way to ensure that both parties can make informed decisions about how to proceed. There are currently versions in English.

Build security in using a contract:

- Define security-related life cycle activities
- Define security requirement areas
- Require security analysis and testing using an agreed-upon standard (such as the OWASP ASVS).

Contact a Qualified Attorney, but Bring the Contract Annex With you!

The OWASP Secure Software Development Contract Annex is guidance, but it’s guidance that you should take with you when you talk to a qualified attorney to negotiate and capture important contractual terms and conditions related to the security of the software to be developed or delivered.

The Contract Annex is a starting point for your agreement. You may not like all the activities, or may want to propose more. You may want to assign responsibilities differently. The Contract Annex is not intended to exactly capture the needs of all software Clients and Developers. It is intended to provide a framework for discussing the key topics that are important to ensuring that software ends up secure. After you have a security discussion and reach agreement, you should tailor this agreement to match.

What are the Benefits of Negotiating and Capturing Security-Related Terms and Conditions?

There are many benefits to working through the OWASP Secure Software Development Contract Annex. The principal one is that it will make expectations clear between the parties involved. In some cases it will help to prevent lawsuits when difficult security problems surface in the software. Also, these are the same activities that are required by many legal and regulatory compliance reasons.

The goal of the Contract Annex is simply to ensure, at each stage of the lifecycle, that appropriate attention has been paid to security. An additional benefit is that this documentation can be collected together to form a “certification package” that essentially lays out the argument for why this software should be trusted to do what it claims it does.

Project Sponsors

The OWASP Legal project is sponsored by:

OWASP
The Open Web Application Security Project