Filetype PDF | Posted on 07 Feb 2023 | 2 years ago
Authentication
digital resources
138x Filetype PDF File size 0.09 MB Source: owasp.org
Contract Annex
Secure Software Development Contract Annex
Build Security In,
Before the Building Begins
The OWASP Secure Software Development Contract Annex helps software
developers and their clients negotiate and capture important contractual terms
and conditions related to the security of the software to be developed or
delivered. Most contracts are silent on these issues, and the parties frequently
have dramatically different views on what has actually been agreed to. Clearly
articulating these terms is the best way to ensure that both parties can make
informed decisions about how to proceed. There are currently versions in English.
Contact a Qualified
What are the Benefits of
Build security in using a
contract: Attorney, but Bring the Negotiating and Capturing
Contract Annex With you!
Define security- Security-Related Terms and
related life cycle
The OWASP Secure Software Conditions?
activities Development Contract Annex is
There are many benefits to working
Define security guidance, but it’s guidance that you
through the OWASP Secure Software
requirement areas should take with you when you talk to Development Contract Annex. The
a qualified attorney to negotiate and
Require security capture important contractual terms principal one is that it will make
analysis and testing and conditions related to the security expectations clear between the parties
using an agreed-upon of the software to be developed or involved. In some cases it will help to
standard (such as the prevent lawsuits when difficult security
delivered.
OWASP ASVS). problems surface in the software. Also,
The Contract Annex is a starting point these are the same activities that are
for your agreement. You may not like required by many legal and regulatory
all the activities, or may want to compliance reasons.
propose more. You may want to assign The goal of the Contract Annex is simply
responsibilities differently. The to ensure, at each stage of the lifecycle,
Contract Annex is not intended to that appropriate attention has been paid
exactly capture the needs of all to security. An additional benefit is that
software Clients and Developers. It is this documentation can be collected
intended to provide a framework for together to form a “certification
discussing the key topics that are package” that essentially lays out the
important to ensuring that software argument for why this software should
ends up secure. After you have a be trusted to do what it claims it does.
security discussion and reach
agreement, you should tailor this
agreement to match. Project Sponsors
The OWASP Legal project is sponsored
by:
P
OWAS
The Open Web Application Security Project
no reviews yet
Please Login to review.
