As a minimum, the following requirements must be met:

• No viruses
  
  
• No "Backdoors"
  
  
• No "Trojan Horses"
  
  
• No passwords viewable in plain text nor kept in an open-access file (or database in plain text)
  
  
• Utilizes authentication and access control as appropriate
  
  
• Offers the ability to use Windows Authentication as well as proprietary authentication when both are available (i.e., using Windows Authentication and MS SQL Authentication)
  
  
• Tested for Open Web Application Security Project (OWASP) "Top Ten Project" Security Vulnerabilities (i.e., SQL Injection, Cross-Site Scripting, Username Enumeration, etc.)
  
  
• Security issues and security plan covered and described in the Software Requirements Document (SRD)
  
  
• Follow secure coding guidelines (e.g., .NET Framework 3.5 Secure Coding Guidelines: http://msdn.microsoft.com/en-us/library/d55zzx87(v=VS.90).aspx , etc.)