New York adds security requirement to software contracts
Empire State to require vendor review of top 25 vulnerabilities
- By Kevin McCaney
- Jan 21, 2009
New York state, making quick use of the recently released top 25 list of the most dangerous programming errors, plans to require the state’s software vendors to analyze their products against the list, InternetNews.com has reported.
New York officials plan to include a requirement in all contracts requiring vendors to document how their software has mitigated or otherwise addressed those common weaknesses. The state also has developed a program with universities and colleges to train students in secure programming.
The top 25 list, managed by the Sans Institute and Mitre with support from the National Security Agency and the Homeland Security Department’s National Cyber Security Division, is culled from more than 700 entries in the Common Weakness Enumeration database. Released on Jan. 12, it is designed to identify the most significant errors that programmers should concentrate on.
Kevin McCaney is editor of Defense Systems. Follow him on Twitter: @KevinMcCaney.