New York adds security requirement to software contracts

Empire State to require vendor review of top 25 vulnerabilities

New York state, making quick use of the recently released top 25 list of the most dangerous programming errors, plans to require the state’s software vendors to analyze their products against the list,  has reported.

New York officials plan to add a requirement to all contracts that vendors document how their software has mitigated or otherwise addressed those common weaknesses. The state has also developed a program with universities and colleges to train students in secure programming.

The top 25 list, managed by the SANS Institute and MITRE with support from the National Security Agency and the Homeland Security Department’s National Cyber Security Division, is culled from more than 700 entries in the Common Weakness Enumeration database. Released on Jan. 12, it is designed to identify the most significant errors that programmers should concentrate on.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.
