The maker of a software security analysis tool is promoting quality assurance for outsourced code development. "We're going to help drive new behavior," said Jack Danahy, president and CEO of Ounce Labs Inc. of Waltham, Mass. . . .
The maker of a software security analysis tool is promoting quality assurance for outsourced code development.

"We're going to help drive new behavior," said Jack Danahy, president and CEO of Ounce Labs Inc. of Waltham, Mass.

Ounce Labs has published sample contract language for software development that sets specific security standards and requires a security audit of the source code. The language frees the buyer from having to pay for software that does not meet the standards.

Danahy made no bones about the fact that adoption of the contract language could expand the market for his company's flagship analysis tool, Prexis. But outsiders, including at least one government IT administrator, also welcome the contract addendum.

"It is incredibly significant," said Jamie Gateau, director of technology innovation for the Naval Network and Space Operations Command in Dahlgren, Va.

Part of his job is overseeing software development, whether in-house or outsourced.

Gateau can control the work in house, he said, "but when I'm dealing with contractors, we didn't have contract language to specify secure code. Now we finally have the beginnings of a language to talk about how we're going to hold people responsible for secure coding."

The link for this article located at William Jackson is no longer available.