An attribution would have avoided a problem here.
Marcin has a post up comparing the SANS Application Security Procurement Language and the OWASP Secure Software Contract Annex.
Give it a read and see what you think.
Kevin
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=bcfdc161-764a-4a14-b5ee-4ea15b37b419)
Somebody Got Some Splaining To Do