Figure

Q: Does your organization have software security procedures (standards, processes, or methodologies) for software development?

Senior Consultant E.M. Benattan sees this distribution of responses as discouraging, "... because it makes it difficult, if not impossible, to establish a defined level of security that can be expected from all or even most software products. True, in some cases, developers may be reluctant to adopt publicly available security standards and procedures because they may perceive the public nature of them as defeating their purpose. But these are solvable problems, since a level of confidentiality can be maintained even when using industry-wide standards."

* Excerpted from "Secure Software: Part III -- Making Software Developers Liable for Security Failures," Agile Project and Product Management Executive Update, Vol. 13, No. 4.

About Cutter Consortium