[unisog] Security Verbiage for Bids or Request for Purchase

marchany at vt.edu
Thu Apr 14 17:14:04 GMT 2005


We've had a clause in our software purchasing contracts that requires the 
vendor to certify their software isn't vulnerable to the SANS/FBI Top 20 
Vulnerabilities. It's been in place since 2002 and we've only had 3 vendors 
balk since then. I've attached a screenshot of an example.

	-r.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: top20purchaseorder.jpg
Type: image/jpeg
Size: 163495 bytes
Desc: top20purchaseorder.jpg
Url : http://www.dshield.org/pipermail/unisog/attachments/20050414/ddd01e31/top20purchaseorder-0001.jpg

