...
DoD acquisition programs are specifying the Application Security and Development Security Technical Implementation Guide (STIG), Version 3, Release 10 [DISA 2015] in requests for proposal (RFPs). Section 2.1.5, "Coding Standards," requires that "the Program Manager will ensure the development team follows a set of coding standards."
The proper application of this standard would enable a system to comply with the following requirements from the Application Security and Development Security Technical Implementation Guide, Version 3, Release 10 [DISA 2015]:
- (APP2060.1: CAT II) The Program Manager will ensure the development team follows a set of coding standards.
...
- (APP3570: CAT I) The Designer will ensure the application does not allow command injection.
- (APP3590.1: CAT I) The Designer will ensure the application does not have buffer overflows.
...
Training programmers and software testers on the standard will satisfy the following requirements:
- (APP2120.3: CAT II) The Program Manager will ensure developers are provided with training on secure design and coding practices on at least an annual basis.
- (APP2120.4: CAT II) The Program Manager will ensure testers are provided training on an annual basis.
- (APP2060.3: CAT II) The Designer will follow the coding standards established for the project.
...