compliance

Sarbanes Oxley Compliance: What constitutes financial reporting?

I work in a larger public company that needs to be Sarbanes Oxley compliant, but I don't see a ton of info out there on what that really boils down to for developers and pushing code live. Do changes just need to be approved before they go out? Is the access to make the change a violation or just the act of performing the change? Also,...

Web site HIPAA compliance

OK, I got the concept of HIPAA. Thanks to all those who participated. But does anybody have real experience with how to set up the website and programming? I am trying to implement this with .NET. Is an SSL certificate enough to ensure the privacy of the information? This is the thing: I am going to have webforms that are going to submit this info to...

Joomla compliant w3c

I'm trying to make my Joomla-powered site W3C compliant. I am stuck with ampersand encoding: I want to encode the '&' to '& amp;'(no space) under the menu, as required. However, the menu link cannot be directly edited (read-only). I was wondering how I can change this to be encoded? Thanks ...

BlackBerry Library problems. (jre6 + NET_RIM_BLACKBERRY)

Hi Everyone, I'm new to BlackBerry environment programming. I'm developing an application for this device and there are some probs about libraries that I don't understand. I have the main project called: npoBBerry - its library is NET_RIM_BLACKBERRY (from 4.6.1 version...) it includes two other projects: Npo - its library is standar...

Maven default compiler compliance level

Hi. Do you know how I can find out the default compiler compliance level that my Maven installation uses when nothing is defined in the maven-compiler-plugin? Yours Bernhard ...

June 25 changes to BIS 742.15 How does it impact SSL iPhone App export compliance

This question isn't strictly development-related but I hope it's still acceptable :) On June 25, 2010 the BIS updated 742.15 and of interest to me is the new 742.14(b)(4) "Exclusions from mass market classification request, encryption registration and self-classification reporting requirements" and 742.15(b)(4)(ii) which states… (ii) F...

Buildroot in embedded project, what source do I need to provide for GPL compliance?

http://buildroot.uclibc.org/ I understand that Buildroot itself isn't the GPL component, but in my company's embedded project, we use Buildroot to compile a minimized version of a Linux OS and use Busybox to run our actual application. Our core application does not use any GPL code, and is functionally separate from our OS generation/us...

Legal issues in using FFmpeg in compiled binaries form?

We're planning on using compiled FFmpeg binaries with our website. We use the conversion in a very minor way. We are not sharing our source code and are NOT including the source code of FFmpeg (or modifying it any way). We do not sell our software, only offer it as a commercial service. Has anyone else used FFmpeg similarly? If so, is t...

Does RADIUS’s use of the MD5 algorithm make it not FIPS compliant for an application that allows RADIUS authentication?

The issue is if you enforce FIPS compliance in the Windows security policy settings, an exception will be thrown because RADIUS protocol uses the MD5 algorithm to hash the request authenticator. There is not an alternative MD5 algorithm that is FIPS compliant so it does not appear any code implementation of RADIUS would be possible on a ...

Sarbanes-Oxley compliant

How can I tell if my program falls under the rules of Sarbanes Oxley? Is there a website or links someone can give me? ...

Microsoft Security Compliance Manager

I'd like to provide some background before I pose my question so please, bear with me. I have come across Microsoft's Security Compliance Manager. It's rather new to me and as I understand so far, one can download EC (enterprise) or SSLF (specialized security, limited function) security "baseline" GPOs for implementation in Active Dire...

Is there an open source tool that searches your codebase for improperly used open source code?

Seems like there should be an Open Source tool that helps companies enforce OpenSource licensing compliance? The only open source tool we've been able to find only scans headers, it does not check the source code itself for pattern matches. There are closed source tools which we will use if we must, but I thought as a last-ditch effort...