Secure Coding mailing list archives

Resources to fix vulns


From: ljknews at mac.com (ljknews)
Date: Wed, 18 Jul 2007 15:41:51 -0400

At 8:53 AM -0700 7/18/07, McCown, Christian M wrote:

> What do you tell a C-level exec in terms of h/c and time it will take to
> fix web app vulnerabilities discovered in a website?
>
>         X number of vulnerabilities = Y h/c and Z time.
>
> Of course there's a host of factors/variables involved that could wind up
> looking like actuarial tables or DNA sequences (!), but what we'd like to
> be able to do is sum it up as an initial swag and let the app owners use
> it as a factor in calculating the actual time to remediate.

Look at the track record for _that_organization_ fixing previous
vulnerabilities.
-- 
Larry Kilgallen

