The group, which is being led by the SANS Institute and Mitre Corp., has released a draft proposed language set for company procurement contracts that allows firms to mandate best practice from their software suppliers.
According to the SANS Institute, the document will provide user companies with a list of specific terms and conditions that can be included in procurement contracts to ensure that vendors are adhering to a strict set of software development security standards.
Alan Paller, director of research with the institute, said that nearly every attack is enabled by programming mistakes that provide a handhold for attackers.
"The only way programming errors can be eradicated is by making software development organisations legally liable for the errors", he explained.
The initiative has been met with general approval by the software industry, with application vulnerability specialist Fortify Software giving the thumbs up to the move by the consortium.
Richard Kirk, the firm's European director, said that best practice in code development has been under active discussion by the software vendor community for some time.
"It's good to hear that the SANS Institute has grasped the bull by the horns, and done something practical about the issue", he said, adding that Fortify has observed a large number of successful hacker attacks are caused –in part – by software flaws.
This, he explained, is what gives hackers a small chink in a software application's armour that they can then pry open.
According to Kirk, by encouraging companies to include suitable language in their procurement contracts, the consortium will hopefully drive the software development industry to adopt the best practices that a number of experts have been calling on for some time.
"Changes of this type aren't going to happen overnight, as software vendors will have to engender new working practices in their code development operations", he said.
"However, if their clients start mandating the use of best practices in their commercial agreements – through the use of the correct language in procurement contracts – then that is something we can wholly support", he added.