At 8:53 AM -0700 7/18/07, McCown, Christian M wrote:
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary=_=_NextPart_001_01C7C953.D03CBE5C
What do you tell a C-level exec in terms of h/c and time it will take to
fix web app vulnerabilities
, Christian M
Sent: Wednesday, July 18, 2007 11:54 AM
To: sc-l@securecoding.org
Subject: [SC-L] Resources to fix vulns
What do you tell a C-level exec in terms of h/c and time it will take to
fix web app vulnerabilities discovered in a website?
X number of vulnerabilities = Y h/c and Z
]
[mailto:[EMAIL PROTECTED] On Behalf Of ljknews
Sent: Wednesday, July 18, 2007 3:42 PM
To: sc-l@securecoding.org
Subject: Re: [SC-L] Resources to fix vulns
At 8:53 AM -0700 7/18/07, McCown, Christian M wrote:
Content-class: urn:content-classes:message
Content-Type: multipart/alternative
At 9:50 AM -0400 7/19/07, McGovern, James F (HTSC, IT) wrote:
I would actually recommend AGAINST using prior track records for fixing
previous vulnerabilities because in all honestly they probably don't
track it. Most enterprises prioritize any type of defect based on the
importance as