Difference between revisions of "Podcast News"
From OWASP
m (→OWASP Podcast Roundtable) |
m (→OWASP Podcast Roundtable) |
||
| Line 12: | Line 12: | ||
<ul> | <ul> | ||
| − | <li>"There have been no security problems in the past, nor is there any evidence we’ll be attacked in the future."/li> | + | <li>"There have been no security problems in the past, nor is there any evidence we’ll be attacked in the future."</li> |
| − | <li>"Security is an IT problem. They have firewalls, patch & configuration management systems, and SSL currently in place protecting us."/li> | + | <li>"Security is an IT problem. They have firewalls, patch & configuration management systems, and SSL currently in place protecting us."</li> |
| − | <li>"We need new features first and there is no discretionary budget left to allocate towards security."/li> | + | <li>"We need new features first and there is no discretionary budget left to allocate towards security."</li> |
| − | <li>"Hackers can't break in because our Web application can't be accessed externally."/li> | + | <li>"Hackers can't break in because our Web application can't be accessed externally."</li> |
| − | <li>"We outsource our software development and the vendor is responsible for making sure the code is secure."/li> | + | <li>"We outsource our software development and the vendor is responsible for making sure the code is secure."</li> |
| − | <li>"We use penetration-testing services. We fix or accept the risk of any issues found, which keeps us safe."/li> | + | <li>"We use penetration-testing services. We fix or accept the risk of any issues found, which keeps us safe."</li> |
| − | <li>"We passed our most recent compliance audit and not required to do anything more."/li> | + | <li>"We passed our most recent compliance audit and not required to do anything more."</li> |
| − | <li>"We trust our developers and they already know how to develop secure code after completing the training course."/li> | + | <li>"We trust our developers and they already know how to develop secure code after completing the training course."</li> |
<li>"We already have scanning tools. Doing more will slow down the development process, inhibit innovation, and add large unnecessary costs."</li> | <li>"We already have scanning tools. Doing more will slow down the development process, inhibit innovation, and add large unnecessary costs."</li> | ||
</ul> | </ul> | ||
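Review bot: The item "We passed our most recent compliance audit and not required to do anything more." on the seventh changed line still reads as if a word is missing ("and are not required"). Since that line is being edited anyway, check its wording against the source the list is quoted from and either correct it or leave it as a faithful quote. Separately, the unbalanced "/li>" closers being repaired on these eight lines came from hand-written `<ul>`/`<li>` markup; converting the nine items to the wiki's own list syntax would prevent this kind of tag typo from recurring, and would also remove the need to consider whether the bare "&" in "patch & configuration management systems" should be written as an entity.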
Revision as of 19:36, 12 October 2009
OWASP Podcast News
OWASP NEWS October 2009
OWASP Podcast Roundtable
Next Recording: October 22, 2009
The entire October 22 roundtable will focus on "Overcoming Objections to an Application Security Program"
http://jeremiahgrossman.blogspot.com/2009/08/overcoming-objections-to-application.html
- "There have been no security problems in the past, nor is there any evidence we’ll be attacked in the future."
- "Security is an IT problem. They have firewalls, patch & configuration management systems, and SSL currently in place protecting us."
- "We need new features first and there is no discretionary budget left to allocate towards security."
- "Hackers can't break in because our Web application can't be accessed externally."
- "We outsource our software development and the vendor is responsible for making sure the code is secure."
- "We use penetration-testing services. We fix or accept the risk of any issues found, which keeps us safe."
- "We passed our most recent compliance audit and not required to do anything more."
- "We trust our developers and they already know how to develop secure code after completing the training course."
- "We already have scanning tools. Doing more will slow down the development process, inhibit innovation, and add large unnecessary costs."