Towards Establishing High Standards for Secure Software in Public Procurement Processes
The importance of high security standards for software products and their source code in public procurement processes continues to grow. It is very important to ensure that any software delivered as a result of a public procurement process adheres to high standards in application security. Software in the public sector has consistently high requirements with regard to confidentiality, integrity and availability. Checkmarx has long-standing experience in providing methodologies and best practices for secure development, as well as the technical solution to check the security of source code and open source components that are included in a software product provided as a result of a public procurement process. Two key aspects are (1) to assess the maturity of the supplier's secure software development process and how the supplier can provide evidence that this process follows high security standards, and (2) that suppliers provide documentation of the results of the technical solutions/tools used to verify the security of the software and its source code. In this talk I will give an introduction to best practices to follow and our proposed approach, drawn from long-standing experience in application security.