Improving the procurement language in your software contracts is an effective way to convey requirements for built-in security. Too many cases of bolted-on, afterthought security have put enterprises and users at risk from exploitable software.
Historically, there has been no shared liability associated with software because standard contracts have absolved software suppliers and outsourced development providers. This “caveat emptor” approach no longer works now that software is embedded in life-critical functions and devices, from personal medical devices to automobiles. Procurement professionals should instead create demand for secure software by adopting a procurement governance model that includes security up front in vendor selection and contract negotiation.