If you haven’t read it, lay your hands on the new Software Integrity Risk Report from Forrester. It confirms what many of us have suspected for a long time: businesses don’t adequately review the code developed by their third-party contractors. In fact, according to Forrester, only about half of companies use the same level of rigor in vetting third-party code as they do for their own in-house software.

The Forrester report should serve notice that businesses must be more rigorous in their contracts with third-party developers, outsource vendors, and others. Those contracts must include specific protections regarding acceptance testing, quality of code, quality assurance, development practices, use of open source and other third-party code, and related matters. These are, unfortunately, exactly the type of protections that vendors frequently object to, placing their customers in the position of having to pay for code that may not have been properly vetted. Businesses must stand strong and insist on these basic protections.