EPRI: Electric Power Research Institute

Software Development

Software Security Policy

At a minimum, the following requirements must be met:

  • No viruses

  • No "Backdoors"

  • No "Trojan Horses"

  • No passwords viewable in plain text or stored in an open-access file (or in a database in plain text)

  • Utilizes authentication and access control as appropriate

  • Offers the ability to use Windows Authentication as well as proprietary authentication when both are available (i.e., using Windows Authentication and MS SQL Authentication)

  • Tested for Open Web Application Security Project (OWASP) "Top Ten Project" security vulnerabilities (e.g., SQL Injection, Cross-Site Scripting, Username Enumeration)

  • Security issues and security plan covered and described in the Software Requirements Document (SRD)

  • Follows secure coding guidelines (e.g., .NET Framework 3.5 Secure Coding Guidelines: http://msdn.microsoft.com/en-us/library/d55zzx87(v=VS.90).aspx)