N.Y. considers software security policy

It seems that government agencies will be on the cutting edge of ensuring that tech companies adhere to best practices for security in product design and development.

Jon Oltsik
Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET.

Earlier this month, I predicted that large companies may soon adopt policies mandating that technology vendors adhere to best practices for security in product design and development.

I also suggested that government agencies may be on the cutting edge of adopting these types of policies.

On Monday, I read a preliminary report that New York state may be the first government to move forward with this type of policy. Apparently, New York will use the Common Weakness Enumeration/SANS Institute list of the Top 25 Most Dangerous Programming Errors as a baseline for software security. Under the proposal, vendors selling software to New York state must document how their software developers design and test code in order to prevent problems.

Kudos to the Empire State for taking the lead on this critical issue. Given the recent news at Heartland Payment Systems and Monster, New York's action is timely and a sign of things to come.