Software Security Policy
As a minimum, the following requirements must be met:
- No viruses
- No "Backdoors"
- No "Trojan Horses"
- No passwords viewable in plain text nor kept in an open-access file (or database in plain text)
- Utilizes authentication and access control as appropriate
- Offers the ability to use Windows Authentication as well as proprietary authentication when both are available (i.e., using Windows Authentication and MS SQL Authentication)
- Tested for Open Web Application Security Project (OWASP) "Top Ten Project" Security Vulnerabilities (e.g., SQL Injection, Cross-Site Scripting, Username Enumeration, etc.)
- Security issues and security plan covered and described in the Software Requirements Document (SRD)
- Follow secure coding guidelines (e.g., .NET Framework 3.5 Secure Coding Guidelines: http://msdn.microsoft.com/en-us/library/d55zzx87(v=VS.90).aspx, etc.)