Figure

Q: Does your organization have software security procedures (standards, processes, or methodologies) for software development?

Though most organizations represented in our survey did have some security procedures in place, Elli Benattan wasn't celebrating. "Overall, this is not an encouraging picture because it makes it difficult, if not impossible, to establish a defined level of security that can be expected from all or even most software products. True, in some cases, developers may be reluctant to adopt publicly available security standards and procedures because they may perceive the public nature of them as defeating their purpose. But these are solvable problems, since a level of confidentiality can be maintained even when using industry-wide standards."

* Excerpted from "Secure Software: Part III -- Making Software Developers Liable for Security Failures," Agile Product and Project Management Executive Update, Vol. 13 No. 4.
