consumer-reports-innovation-lab / TheDigitalStandard

The Digital Standard is an ambitious, community-led effort to build a framework to test and rate products and services on the basis of privacy, security, and data practices.
Creative Commons Attribution 4.0 International

Role of software engineering standards #30

Open NH-Jedi opened 7 years ago

NH-Jedi commented 7 years ago

There are US and ISO standards for software engineering from requirements to validation. These are built on the Software Engineering Body of Knowledge, and define best practices that affect security, quality of code, and many other aspects. The relationship between this work and the formal standards in this area should be defined. Also, when (or if) licensed software engineers should "sign off" on projects would be a good point to consider as well (this is the norm in many engineering fields when health or safety are at risk; since most software projects do not have these characteristics, it has not been a concern in the past).

https://www.iso.org/committee/45086/x/catalogue/ for ISO standards, most developed by IEEE
https://www.computer.org/web/standards/s2esc IEEE Computer Society reference
http://ncees.org/ncees-introduces-pe-exam-for-software-engineering/ for information on software engineering licensing in the U.S.

digitalstandard-bot commented 7 years ago

Thank you for helping shape the Digital Standard. Addressing privacy, security, and data issues in the marketplace requires a community-driven response.

The partners meet once every 3 months to review pull requests. The next meeting is scheduled for mid-May.

Thanks again!

KatieMcInnis commented 6 years ago

@mrerecich & @secretrobotron --can you respond?

NH-Jedi commented 6 years ago

@KatieMcInnis I'm not sure who you are requesting to respond to what comment. This thread, with limited posts, dates to a year ago.

secretrobotron commented 6 years ago

Hey @NH-Jedi. @KatieMcInnis was asking @mrerecich and me to weigh in on the topic.

Potentially, we could add something to the Governance/Compliance or Security sections of the DS. In particular (and I'm not an ISO expert) perhaps there are SE certifications that can bolster the "Best Build Practices" criteria as an indicator, or more likely, a procedure.

In any case, I think it makes sense to take any certified sign-off into account, filtered through the lens of tests & criteria the Digital Standard already has laid out. The specifics of that might depend on the actual product being tested against the Standard.

@NH-Jedi do you have any further ideas about how to incorporate these certifications? Have you seen it done effectively in another place?

KatieMcInnis commented 6 years ago

@secretrobotron you beat me to the punch. :)

Thanks for your comment, @NH-Jedi, and I apologize that we did not reply sooner. However, we are preparing for another meeting with our partners and are trying to make sure that we have a comprehensive list of issues and pull requests to discuss during this meeting (thus we are sifting through all of the open issues).

Thanks again for your help shaping the Digital Standard!

billfitzgerald commented 1 year ago

Adding "out of scope" label.

This is not something that has been generally applicable to products under test.