At 8:53 AM -0700 7/18/07, McCown, Christian M wrote:
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary=_=_NextPart_001_01C7C953.D03CBE5C
What do you tell a C-level exec in terms of h/c and time it will take to
fix web app vulnerabilities
I wish formulas were the solution to your question. The problem is that
the answer is heavily dependent upon the background of the C-level
executive. Some C-Level executives have an analytical background where
their backgrounds could have been actuarial, IT, statistics, etc where
they would
]
[mailto:[EMAIL PROTECTED] On Behalf Of ljknews
Sent: Wednesday, July 18, 2007 3:42 PM
To: sc-l@securecoding.org
Subject: Re: [SC-L] Resources to fix vulns
At 8:53 AM -0700 7/18/07, McCown, Christian M wrote:
Content-class: urn:content-classes:message
Content-Type: multipart/alternative
At 9:50 AM -0400 7/19/07, McGovern, James F (HTSC, IT) wrote:
I would actually recommend AGAINST using prior track records for fixing
previous vulnerabilities because in all honestly they probably don't
track it. Most enterprises prioritize any type of defect based on the
importance as