I'm looking at the possibility of moving into a new job with my current employer - probably sometime next year. Currently I'm a software engineer/project manager for a financial services and insurance company. The job that I want to move into will involve working with all branches of the company to ensure that software we create meets the security requirements our clients expect.
Does anyone have any good resources about software security? I'm not talking about language specifics, but more about the overall process of securing software and data. I know that as a service provider to banks we fall under Sarbanes-Oxley. We also have to have SAS 70 audits (so far just Level I, but we've got a Level II scheduled for next year). Where can I find good "plain English" information about these requirements as well as other industry standards type of info?
Thanks!
-Dell
A computer only does what you actually told it to do - not what you thought you told it to do.