• DocumentCode
    900392
  • Title

    A Software Procurement and Security Primer

  • Author

    Ladd, David

  • Author_Institution
    Microsoft Corp., Redmond, WA
  • Volume
    4
  • Issue
    6
  • fYear
    2006
  • Firstpage
    71
  • Lastpage
    73
  • Abstract
    Given society's increasing dependence on software-intensive systems, each business unit within an organization should examine its role in delivering and deploying secure systems. Software procurement is an early element of the process that organizations often leave out of the security equation until an incident occurs and sensitive materials, such as personally identifiable information from a customer database, are lost or misused. This article explores some useful concepts that help integrate security more firmly into the software-procurement process. In keeping with Basic Training's spirit, these concepts are merely food for thought - a conceptual framework for asking the right questions at the right time. For those involved with software or software procurement in an organization, it helps to start by asking potential vendors some simple questions about their software-development processes, education and training, and accountability.
  • Keywords
    DP industry; organisational aspects; procurement; security of data; software management; customer database; personally identifiable information; secure systems; security primer; software procurement; software-development processes; software-intensive systems; Computer science education; Computer security; Documentation; Educational institutions; Educational programs; Feedback; Industrial training; Privacy; Procurement; Weapons; procurement; security; software development; software security;
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    IEEE
  • ISSN
    1540-7993
  • Type

    jour

  • DOI
    10.1109/MSP.2006.142
  • Filename
    4042663