This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "CPWE-ID: 12"
From OWASP
Deleted user (talk | contribs) m (→Insufficient Program Resources) |
Deleted user (talk | contribs) m (→Insufficient Program Resources) |
||
| Line 15: | Line 15: | ||
* ''Critical -'' This must be addressed immediately. | * ''Critical -'' This must be addressed immediately. | ||
| + | |||
| + | '''References''' | ||
| + | |||
| + | * TODO | ||
== Other CPWE == | == Other CPWE == | ||
[[CISO Cheat Sheet]] | [[CISO Cheat Sheet]] | ||
Revision as of 20:46, 30 August 2012
Insufficient Program Resources
Description
- The software development organization or organizational unit has started an application security program, but the resources allocated to support the program (people, tools, or a combination thereof) are not sufficient, the initiative is either not funded or under-funded.
Common Causes
- This weakness typically occurs in situations where there is no executive-level application security evangelist.
Common Consequences
- Prior to a Cyber Incident - Delayed program adoption
- During and After a Cyber Incident - Unknown business risk; impaired incident response
Severity
- Critical - This must be addressed immediately.
References
- TODO
