Businesses run on software; it provides the features and functions that make our teams more productive. To get those features and functions, we turn to third-party software suppliers for the latest and greatest. However, the suppliers that produce these applications need to apply the same software security measures that enterprises use for their own internal software development. Unfortunately, too few enterprises have taken the steps necessary to understand the approach their software suppliers are taking to software security.

In an effort to address this issue, a group of leading banks, insurance, and mortgage companies, including Morgan Stanley, Citi, Goldman Sachs, RBS Citizens, Thomson Reuters, Aetna, and many others, has proposed control types that enterprises can integrate into their vendor governance program to better understand the security of their vendor-supplied software. To learn more about these control types, download the whitepaper, “Appropriate Software Security Control Types for Third Party Service and Product Providers.”

In the video below, Jim Routh, CISO of Aetna and a member of the group that designed these recommendations, describes why this issue needs to be addressed and discusses the intent and purpose of each of the three controls.

For more commentary and critical analysis of the controls proposed by FS-ISAC, from Jim Routh, Wendy Nather, and Chris Wysopal, register here.

About Anne Nielsen

Anne Nielsen is Senior Product Manager for Veracode’s IT Supply Chain product line. She works with Veracode’s enterprise customers to reduce the risk from their third-party applications, frameworks, and components. She also works with Independent Software Vendors (ISVs) to ensure they meet the corporate security policies of their enterprise customers, based on minimum acceptable levels of risk.
