You know that I am a big fan of Security Development Lifecycles as we run it internally to build code which is more resilient against attacks. And I recently blogged on Security - A Feature Discussion? Some Thoughts on Google's Chrome OS as I am convinced that it is much more important to look into the process by which software is engineered rather than the features of the products – they come second in my opinion.
This morning I read an article called "Questions to Ask Your Security Vendor". Well, I am not clear why you should only ask these questions of your security vendor as they are completely process-related – ask them of all your vendors, and think about the answers as well when you use publicly available code to run your business on.
I think the questions in the article are great and absolutely to the point! Read them and ask them.