Difference between revisions of "CPWE-ID: 12"
From OWASP
Deleted user (talk | contribs) (Created page with "== Insufficient Program Resources == '''Description''' * The software development organization or organizational unit has started an application security program, but the reso...") |
Deleted user (talk | contribs) m (→Insufficient Program Resources) |
||
Line 11: | Line 11: | ||
* ''Prior to a Cyber Incident -'' Delayed program adoption | * ''Prior to a Cyber Incident -'' Delayed program adoption | ||
* ''During and After a Cyber Incident -'' Unknown business risk; impaired incident response | * ''During and After a Cyber Incident -'' Unknown business risk; impaired incident response | ||
+ | |||
+ | '''Severity''' | ||
+ | |||
+ | * ''Critical -'' This must be addressed immediately. | ||
== Other CPWE == | == Other CPWE == | ||
[[CISO Cheat Sheet]] | [[CISO Cheat Sheet]] |
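Review bot: the added '''Severity''' section rates the weakness ''Critical'' with no stated scale or rationale, so a reader cannot tell how the rating was derived or compare it with other CPWE entries. Add a sentence that ties the rating to the consequences listed just above it (unknown business risk, impaired incident response), or reference the rating scale being used.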
Revision as of 20:26, 30 August 2012
Insufficient Program Resources
Description
- The software development organization or organizational unit has started an application security program, but the resources allocated to support the program (people, tools, or a combination thereof) are not sufficient: the initiative is either not funded or under-funded.
Common Causes
- This weakness typically occurs in situations where there is no executive-level application security evangelist.
Common Consequences
- Prior to a Cyber Incident - Delayed program adoption
- During and After a Cyber Incident - Unknown business risk; impaired incident response
Severity
- Critical - This must be addressed immediately.