Ship (A5): SDL Activities and Best Practices 223
In addition, a response plan detailing appropriate processes and procedures must be developed that includes preparations for potential post-release issues. Beyond external vulnerability disclosure responses, this phase should include internal review for new product combinations or cloud deployment, post-release certifications, security architectural reviews, and tool-based assessments of current, legacy, and M&A products and solutions, as well as third-party reviews of released software products that may be required by customers, regulatory requirements, or industry standards.