New York adds security requirement to software contracts

Empire State to require vendor review of top 25 vulnerabilities

New York state, making quick use of the recently released top 25 list of the most dangerous programming errors, plans to require the state’s software vendors to analyze their products against the list,  has reported.

New York officials plan to include in all contracts a requirement that vendors document how their software has mitigated or otherwise addressed those common weaknesses. The state also has developed a program with universities and colleges to train students in secure programming.

The top 25 list, managed by the Sans Institute and Mitre with support from the National Security Agency and the Homeland Security Department’s National Cyber Security Division, is culled from more than 700 entries in the Common Weakness Enumeration database. Released on Jan. 12, it is designed to identify the most significant errors that programmers should concentrate on.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.
