WebApp Sec mailing list archives

RE: OWASP Top Ten - My Case For Updating It
From: Jeff Robertson <Jeff.Robertson () DigitalInsight com>
Date: Mon, 11 Jul 2005 07:58:11 -0400

-----Original Message-----
From: Mark Curphey [mailto:mark () curphey com]


If the problem of web application security is poor software quality, it is a
natural conclusion that the solution is to build better software. Not once
in the top ten does the list address the fact that the majority of software
is built without a design, security requirements or a repeatable software
security development process.

I would go so far as to say that unless a development shop is already
following a process (I don't want to start waterfall vs. RUP vs. XP wars
here) to keep plain old functionality bugs down to a minimum, they have no
hope of producing secure software. 

If a software company hasn't even figured out that its developers need to
be doing unit tests, then the idea that it could successfully implement
any sort of security testing is just putting the cart before the horse.

