Secure Coding mailing list archives

[Article] Tracking and understanding security related defects


From: robert () webappsec org
Date: Tue, 11 Jan 2011 13:24:52 -0500 (EST)

Title:
Tracking and understanding security related defects: Useful data points for shaping your SDLC program

Abstract:
"If you work in infosec for a large organization it can be difficult to easily track the state of every software-level
vulnerability throughout your various code bases. This is particularly true when groups outside of infosec such as the
business unit, development, or QA are filing these defects and fail to loop in infosec (possibly because they don't
know how!). Getting a grasp on how issues are being identified and handled is essential for improving your org's
security program(s). By making a few changes to your bug tracking system it can become easier to understand the issues
being discovered, the effectiveness of certain testing tools and strategies, the effectiveness of defenses, and it can help
improve processes addressing security related defects."

Link:
http://www.qasec.com/2011/01/tips-for-tracking-security-related-defects-in-your-bugtracker.html

Regards,
- Robert Auger
http://www.webappsec.org/
http://www.qasec.com/
http://www.cgisecurity.com/
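The abstract above argues that a few extra fields in the bug tracker make it possible to see which testing methods are finding security defects, how quickly they get fixed, and which ones never reached infosec. The following is an added example, not code from the article or from Robert Auger's post, of the kind of analysis that becomes possible once such fields exist. The field names (`security`, `weakness`, `found_by`, `filed_by`, `infosec_notified`, `severity`, `opened`, `closed`) and every record in `SAMPLE_DEFECTS` are constructed for illustration and do not correspond to any real tracker's schema or export.

```python
"""Added example: summarising a bug-tracker export that carries a few
security-specific fields, as the linked article recommends adding.
Schema and sample records are hypothetical/constructed for this example."""
from collections import Counter, defaultdict
from datetime import date
from statistics import mean

# Constructed sample export. Each dict is one defect record with the
# assumed security metadata fields; dates are ISO strings as a CSV/JSON
# export might give them, `closed` is None while the defect is still open.
SAMPLE_DEFECTS = [
    {"id": 101, "security": True,  "weakness": "XSS",  "found_by": "dast",
     "filed_by": "qa",       "infosec_notified": False, "severity": "high",
     "opened": "2010-11-02", "closed": "2010-11-20"},
    {"id": 102, "security": True,  "weakness": "SQLi", "found_by": "sast",
     "filed_by": "dev",      "infosec_notified": True,  "severity": "critical",
     "opened": "2010-11-05", "closed": "2010-11-09"},
    {"id": 103, "security": False, "weakness": None,   "found_by": "manual",
     "filed_by": "qa",       "infosec_notified": False, "severity": "low",
     "opened": "2010-11-06", "closed": "2010-11-07"},
    {"id": 104, "security": True,  "weakness": "XSS",  "found_by": "pentest",
     "filed_by": "infosec",  "infosec_notified": True,  "severity": "medium",
     "opened": "2010-12-01", "closed": None},
    {"id": 105, "security": True,  "weakness": "CSRF", "found_by": "dast",
     "filed_by": "business", "infosec_notified": False, "severity": "medium",
     "opened": "2010-12-03", "closed": "2010-12-23"},
]


def security_defects(defects):
    """Only records flagged as security-relevant by the tracker field."""
    return [d for d in defects if d["security"]]


def by_discovery_source(defects):
    """How many security defects each testing method or tool surfaced."""
    return dict(Counter(d["found_by"] for d in security_defects(defects)))


def by_weakness(defects):
    """Distribution of weakness classes, useful for targeting defenses."""
    return dict(Counter(d["weakness"] for d in security_defects(defects)))


def mean_days_to_fix(defects):
    """Mean open-to-close time per severity over closed security defects."""
    days = defaultdict(list)
    for d in security_defects(defects):
        if d["closed"] is None:
            continue
        delta = date.fromisoformat(d["closed"]) - date.fromisoformat(d["opened"])
        days[d["severity"]].append(delta.days)
    return {sev: mean(v) for sev, v in days.items()}


def missed_by_infosec(defects):
    """Security defects filed by other groups that never reached infosec,
    i.e. the 'failed to loop in infosec' case the abstract describes."""
    return sorted(d["id"] for d in security_defects(defects)
                  if d["filed_by"] != "infosec" and not d["infosec_notified"])


def still_open(defects):
    """Security defects with no close date."""
    return sorted(d["id"] for d in security_defects(defects)
                  if d["closed"] is None)


if __name__ == "__main__":
    print("found by:        ", by_discovery_source(SAMPLE_DEFECTS))
    print("weakness classes:", by_weakness(SAMPLE_DEFECTS))
    print("mean days to fix:", mean_days_to_fix(SAMPLE_DEFECTS))
    print("missed by infosec:", missed_by_infosec(SAMPLE_DEFECTS))
    print("still open:      ", still_open(SAMPLE_DEFECTS))
```

The point of the design is that every question in the abstract maps to one tracker field: `found_by` answers which tools and strategies are effective, `weakness` plus `severity` and the open/close dates show how defenses and remediation are doing, and `filed_by` combined with `infosec_notified` exposes the defects infosec never heard about. In a real deployment the records would come from the tracker's export or API rather than an inline list.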
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________