Five federal agencies, in collaboration with the Center for Internet Security and Oracle Corp., tomorrow will announce a broad federal procurement initiative to improve software security.. . .
Five federal agencies, in collaboration with the Center for Internet Security and Oracle Corp., tomorrow will announce a broad federal procurement initiative to improve software security.

Under the initiative, software vendors will have to ensure that their software meets specific safe configuration requirements and that any fixes they provide to patch vulnerabilities are reliable and won't compromise these configurations.

The idea behind the initiative is to use the federal government's purchasing power to make software vendors accept more responsibility for the security of their software, said Alan Paller, director of the SANS Institute, a Bethesda, Md.-based security research firm.

The initiative was prompted by the growing problems users face because of unsafe software configurations, he said, adding that software vendors will be required to ensure that default settings are secure to avoid problems later on.

The federal government recently launched a procurement program called SmartBuy, which it hopes will drive better pricing and contractual terms from software vendors by consolidating purchases. SmartBuy will allow federal agencies to negotiate tougher terms relating to security, Paller said. The initiative being announced Tuesday is an example of that tougher stance.

The link for this article located at ComputerWorld is no longer available.