Web Application Security
[Article] Tracking and understanding security related defects Jan 11 2011 06:23PM
robert webappsec org
Title:
Tracking and understanding security related defects: Useful data points for shaping your SDLC program

Abstract:
"If you work in infosec for a large organization it can be difficult to easily track the state of every software level vulnerability throughout your various code bases. This is particularly true when groups outside of infosec such as the business unit, development, or QA are filing these defects and fail to loop in infosec (possibly because they don't know how!). Getting a grasp on how issues are being identified and handled is essential for improving your org's security program/s. By making a few changes to your bug tracking system it can become easier to understand the issues being discovered, effectiveness of certain testing tools and strategies, effectiveness of defenses, and can help improve processes addressing security related defects."

Link:
http://www.qasec.com/2011/01/tips-for-tracking-security-related-defects-in-your-bugtracker.html

Regards,
- Robert Auger
http://www.webappsec.org/
http://www.qasec.com/
http://www.cgisecurity.com/
