Title:
Tracking and understanding security related defects: Useful data points for
shaping your SDLC program

Abstract:
"If you work in infosec for a large organization it can be difficult to easily
track the state of every software level vulnerability throughout your various
code bases. This is particularly true when groups outside of infosec such as
the business unit, development, or QA are filing these defects and fail to loop
in infosec (possibly because they don't know how!). Getting a grasp on how
issues are being identified and handled is essential for improving your org's
security program(s). By making a few changes to your bug tracking system, it can
become easier to understand the issues being discovered, the effectiveness of
certain testing tools and strategies, the effectiveness of defenses, and can help
improve processes addressing security related defects."

Link:
http://www.qasec.com/2011/01/tips-for-tracking-security-related-defects-in-your-bugtracker.html
Regards,
- Robert Auger
http://www.webappsec.org/
http://www.qasec.com/
http://www.cgisecurity.com/
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________