Creating the secure software testing target list

Most organizations want assurance that their software has been tested for known security issues. Government, industry and academia are working together to make this more economical and effective. In addition to the obvious relevance to software development groups, acquisition groups in large government and private organizations are also moving to require that these types of testing be part of contracts. The capabilities for evaluating code, design, and architecture are maturing; however, there are currently no standards defining these types of capabilities and how to evaluate them. This lack of defined standards leaves open the question of which technique, service or tool is most appropriate for a particular job and how effective each is at performing it.