Secure Coding mailing list archives
Resources to fix vulns
From: c.mccown at intel.com (McCown, Christian M)
Date: Wed, 18 Jul 2007 08:53:41 -0700
What do you tell a C-level exec in terms of h/c and time it will take to
fix web app vulnerabilities discovered in a website?
X number of vulnerabilities = Y h/c and Z time.
Of course there's a host of factors/variables involved that could wind
up looking like actuarial tables or DNA sequences (!), but what we'd
like to be able to do is sum it up as an initial swag and let the app
owners use it as a factor in calculating the actual time to remediate.
Anyone done this or like to take a swipe?
____
Chris McCown, GSEC(Gold)
Intel Corporation
* (916) 377-9428 | * c.mccown at intel.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20070718/1e98c830/attachment.html
Current thread:
- Resources to fix vulns McCown, Christian M (Jul 18)
- Resources to fix vulns ljknews (Jul 18)
- Resources to fix vulns McGovern, James F (HTSC, IT) (Jul 19)
- Resources to fix vulns ljknews (Jul 19)
- Smalltalk and other Second Class Languages McGovern, James F (HTSC, IT) (Jul 19)
- Resources to fix vulns McGovern, James F (HTSC, IT) (Jul 19)
- Resources to fix vulns McGovern, James F (HTSC, IT) (Jul 19)
- Resources to fix vulns ljknews (Jul 18)