Sprint chief security officer Robert Fox told the Infosecurity Conference & Exhibition in New York: "We're working on a new policy for software vendors that will say, 'Before you deliver your software to Sprint, you need to run certain tests and tell us the results'."
Other industries, particularly banking, have long required software vendors to meet a set of common security criteria for equipment configuration and sometimes operating system configuration.
However, this is the first time that a major telecommunications company is requiring such testing for all software purchases.
If the Sprint policy gets established across the sector, it would put "telecommunications ahead of the curve in adopting a very good practice," said Gartner analyst John Pescatore.
"If enterprises are willing to buy flimsy software, vendors will sell them the flimsiest software. If companies vote with their pocketbooks for more secure software, vendors follow."
Despite the Sprint initiative, Fox said he would prefer to see government take a lead in demanding better software security.
"I don't think the private sector knows how to [talk tough to the software industry] yet," he told delegates to the show. Most companies make requests to vendors for improved security on an individual basis, he said. As a result, the private sector is not speaking with one voice.
The US government is making tentative moves to drive up standards. From 1 July, all software companies wanting to sell to the US Department of Defense will have to have their products' security claims validated by a third party.