Filetype: PDF | File size: 0.09 MB | Source: owasp.org


File: Contracts Pdf 196087 | Legal One Page Handout

Posted on 07 Feb 2023
Partial capture of text on file.
Contract Annex
Secure Software Development Contract Annex

Build Security In, Before the Building Begins

The OWASP Secure Software Development Contract Annex helps software developers and their clients negotiate and capture important contractual terms and conditions related to the security of the software to be developed or delivered. Most contracts are silent on these issues, and the parties frequently have dramatically different views on what has actually been agreed to. Clearly articulating these terms is the best way to ensure that both parties can make informed decisions about how to proceed. There are currently versions in English.

Build security in using a contract:

- Define security-related life cycle activities
- Define security requirement areas
- Require security analysis and testing using an agreed-upon standard (such as the OWASP ASVS).

Contact a Qualified Attorney, but Bring the Contract Annex With you!

The OWASP Secure Software Development Contract Annex is guidance, but it’s guidance that you should take with you when you talk to a qualified attorney to negotiate and capture important contractual terms and conditions related to the security of the software to be developed or delivered.

The Contract Annex is a starting point for your agreement. You may not like all the activities, or may want to propose more. You may want to assign responsibilities differently. The Contract Annex is not intended to exactly capture the needs of all software Clients and Developers. It is intended to provide a framework for discussing the key topics that are important to ensuring that software ends up secure. After you have a security discussion and reach agreement, you should tailor this agreement to match.

What are the Benefits of Negotiating and Capturing Security-Related Terms and Conditions?

There are many benefits to working through the OWASP Secure Software Development Contract Annex. The principal one is that it will make expectations clear between the parties involved. In some cases it will help to prevent lawsuits when difficult security problems surface in the software. Also, these are the same activities that are required by many legal and regulatory compliance reasons.

The goal of the Contract Annex is simply to ensure, at each stage of the lifecycle, that appropriate attention has been paid to security. An additional benefit is that this documentation can be collected together to form a “certification package” that essentially lays out the argument for why this software should be trusted to do what it claims it does.

Project Sponsors

The OWASP Legal project is sponsored by:

OWASP
The Open Web Application Security Project