What do you tell a C-level exec in terms of h/c and time it will take to
fix web app vulnerabilities discovered in a website?
X number of vulnerabilities = Y h/c and Z time.
Of course there's a host of factors/variables involved that could wind
up looking like actuarial tables or DNA sequ
At 8:53 AM -0700 7/18/07, McCown, Christian M wrote:
> What do you tell a C-level exec in terms of h/c and time it will take to
> fix web app vulnerabilities
Behalf Of McCown, Christian M
Sent: Wednesday, July 18, 2007 11:54 AM
To: sc-l@securecoding.org
Subject: [SC-L] Resources to fix vulns
What do you tell a C-level exec in terms of h/c and time it will take to
fix web app vulnerabilities discovered in a website?
X number of vulnerabilities = Y
[mailto:[EMAIL PROTECTED] On Behalf Of ljknews
Sent: Wednesday, July 18, 2007 3:42 PM
To: sc-l@securecoding.org
Subject: Re: [SC-L] Resources to fix vulns
At 8:53 AM -0700 7/18/07, McCown, Christian M wrote:
At 9:50 AM -0400 7/19/07, McGovern, James F (HTSC, IT) wrote:
> I would actually recommend AGAINST using prior track records for fixing
> previous vulnerabilities because in all honesty they probably don't
> track it. Most enterprises prioritize any type of defect based on the
> importance as de