DCSP #8

Secure Software Development and OWASP

By Peter van Schelven

For years now, IT practice has shown that many software development contracts run into trouble on one main subject: the specifications of what has to be developed, delivered and implemented. These specifications often turn out to be vague, incomplete, inconsistent or incomprehensible. As a result, the features and capabilities of the software can be disappointing, and the parties can easily end up arguing about what was actually agreed. We see this problem even more regularly with regard to the security of software. Many software development contracts are rather silent on security-related specifications and security-specific terms and conditions.

When developing and implementing websites and web applications, software developers sometimes ignore the Open Web Application Security Project (OWASP). That is remarkable. After all, OWASP is a security platform on which software professionals, companies and other organizations share useful information and techniques about the security of web applications....


Six Questions on Data and Privacy to… VNO-NCW / MKB-Nederland

By Irvette Tempelman - VNO-NCW / MKB-Nederland

We spoke with Irvette Tempelman – Secretary of Policy who deals with privacy, consumer policy and the regulation of artificial intelligence.

Question 1) The VNO-NCW / MKB-Nederland is an association of entrepreneurs, with branch organisations and companies as members. You represent companies of all sectors and sizes and cooperate with several governments. What are currently the main policy topics regarding the protection of personal data?

One of the main topics is the fact that the GDPR is still the number 1 regulatory burden for companies, especially for SMEs. The GDPR is a complex piece of legislation. Companies in general are more than willing to implement the GDPR but still have many unresolved questions as to how to do it. Another important topic is the necessity of a more balanced interpretation of the GDPR. The Dutch DPA is known to interpret the GDPR more restrictively compared to other...
