Secure Coding mailing list archives

Need a few slides/data on surging importance of security and source code security


From: paco at cigital.com (Paco Hope)
Date: Thu, 19 Oct 2006 15:49:41 -0400

For reasons that are not worth getting into, my two cents didn't make it to
the list. I've now invested 4 cents in getting this to everyone. :)

On 10/16/06 6:42 AM, "Holger.Peine at iese.fraunhofer.de"
<Holger.Peine at iese.fraunhofer.de> wrote:

> I am sure that quite a few of you already have done or know who has done this
> non-technical, "mundane" job: I need a few slides with data (e.g. numbers, or
> maybe historic examples) to convince a management-level audience

Attached is a timeline I created from publicly available data at
http://www.attrition.org/. It depicts credit card account number
compromises. It tells you who had the data, when it was compromised, and how
many accounts were lost. It is somewhat related to your need, although it
does not speak to the source code issue.

The one thing to note is that this timeline does not show the different ways
credit card accounts were compromised. Some of these were "hacks" where a
web site or online system was compromised. Some were theft of a device (like
a laptop) and some were lost backup tapes and similar failures.

I think the picture is pretty compelling and shows just how many accounts
have been compromised (that we know about) and how often it happens.

Regards,
Paco
-- 
Paco Hope, CISSP
Technical Manager, Cigital, Inc
http://www.cigital.com/ | +1.703.585.7868
Software Confidence. Achieved.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: CreditCardCompromises.jpg
Type: application/octet-stream
Size: 322664 bytes
Desc: not available
Url : http://krvw.com/pipermail/sc-l/attachments/20061019/62c10861/attachment-0001.obj 