This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
CPWE-ID: 12
From OWASP
Insufficient Program Resources
Description
- The software development organization or organizational unit has started an application security program, but the resources allocated to support the program (people, tools, or a combination thereof) are not sufficient, the initiative is either not funded or under-funded.
Common Causes
- This weakness typically occurs in situations where there is no executive-level application security evangelist.
Common Consequences
- Prior to a Cyber Incident - Delayed program adoption
- During and After a Cyber Incident - Unknown business risk; impaired incident response
Severity
- Critical - This must be addressed immediately.
References
- TODO
