Office of Cyber Security & Critical Infrastructure Coordination


Application Security Procurement Language


Application security is a crucial layer in a multi-tiered cyber security strategy. Building security in at the beginning of development is an important factor in minimizing potential vulnerabilities.

A key part of achieving application security is the procurement of secure code. Best practice guidelines have been developed to facilitate this process. The goal is for known security flaws to be remediated before the custom software is delivered.

These guidelines are best practices only and are a collaborative effort with both the public and private sectors. By working together, we will achieve the common goal of strengthening our cyber security environment.

Please note that the proposed procurement guidelines incorporate, in part, language from the OWASP Secure Software Contract Annex.

We invite comments and feedback on these guidelines. They will continue to improve and evolve over time. You may submit comments to info@cscic.state.ny.us.

 

Join the Workgroup!

We invite your participation in a workgroup to further develop and enhance these guidelines.

Application Security Procurement Language - updated draft to be posted soon.