Trust, But Verify: How to Manage Risk in Outsourced Applications
Source: Ounce Labs
Save money. Speed development. Augment staff resources. Tap expertise not available internally. The reasons for outsourcing application development are many and varied. Outsourcing can be a cost-effective and efficient solution to the demand for new and specialized applications in today's internet-based marketplace. It is absolutely critical, however, that the team responsible for evaluating the outsourced application makes security one of its principal criteria prior to acceptance of each release. There must be a mutually agreed-upon process in place to articulate and certify the security of the delivered project. Armed with that information, organizations are able to manage application risk and balance remediation priorities.