
List:       websecurity
Subject:    Re: [WEB SECURITY] Security certification
From:       "James Landis" <jcl24 () cornell ! edu>
Date:       2008-12-03 19:22:43
Message-ID: ce8a28b10812031122u645d2ba2v514fac7424d65474 () mail ! gmail ! com

Many organizations are using SAS70 Type II audits to meet external
certification requirements. SAS70 doesn't describe a standard set of
controls; it is up to each organization to enumerate the security
controls that will be audited. That list can definitely include SDL
controls.

Almost nobody has gone through the effort of ISO27001 certification,
but there is a lot of recognition for this as being very difficult to
get and thus good evidence of strong controls.

-j

On Wed, Dec 3, 2008 at 3:56 AM, application.secure application.secure
<application.secure@gmail.com> wrote:
> Hello,
>
> We are looking for security certifications for organizations (not for
> consultants) like ISOXXXX ...
> Especially, does some kind of SDL certification exist?
>
> Thanks in advance.
>
>
>
