WebApp Sec mailing list archives

[Article] Tracking and understanding security related defects


From: robert () webappsec org
Date: Tue, 11 Jan 2011 13:23:22 -0500 (EST)

Title: 
Tracking and understanding security related defects: Useful data points for shaping your SDLC program

Abstract: 
"If you work in infosec for a large organization it can be difficult to easily track the state of every software level 
vulnerability throughout your various code bases. This is particularly true when groups outside of infosec such as the 
business unit, development, or QA are filing these defects and fail to loop in infosec (possibly because they don't 
know how!). Getting a grasp on how issues are being identified and handled is essential for improving your org's 
security program/s. By making a few changes to your bug tracking system it can become easier to understand the issues 
being discovered, effectiveness of certain testing tools and strategies, effectiveness of defenses, and can help 
improve processes addressing security related defects."
 
Link: 
http://www.qasec.com/2011/01/tips-for-tracking-security-related-defects-in-your-bugtracker.html
 
Regards,
- Robert Auger
http://www.webappsec.org/
http://www.qasec.com/
http://www.cgisecurity.com/


