Browse by Tags - Following the White Rabbit Blog -
Sign in
|
Join
|
Help
SHOP PRODUCTS & SERVICES
EXPLORE & CREATE
CONNECT WITH OTHERS
SUPPORT & DRIVERS
COMMUNITY HOME
HP BLOGS
APP SECURITY BLOGS
APP SECURITY FORUMS
Following the White Rabbit Blog
»
All Tags
»
vulnerabilities
(
RSS
)
Browse by Tags
Following the White Rabbit Blog
Home
About
Contact
Syndication
RSS for Posts
Atom
RSS for Comments
Recent Posts
Risk Rating - When Is Critical Not?
"Security Vulnerability" != "Defect" ; why?
Tags
application security
breach
compliance
conferences
dynamic analysis
educating developers
hacking
hacking demonstration
OWASP
PCI Compliance
PCI DSS
process
QA
quality
security
security automation
security program
securitycurity program
software quality
software security
speaking
sql injection
static code analysis
testing
web application security
View more
Archives
May 2009 (2)
April 2009 (3)
March 2009 (1)
February 2009 (4)
January 2009 (6)
December 2008 (9)
November 2008 (2)
October 2008 (5)
September 2008 (7)
July 2008 (4)
June 2008 (4)
May 2008 (4)
April 2008 (5)
March 2008 (1)
defects
development
functional specification
quality
risk rating
security
testing
vulnerability context
Risk Rating - When Is Critical Not?
Have you ever thought to yourself - "How do they decide what's Critical / High / Medium / Low in the security defect findings?" If you have then you're not alone. I get asked that question on a regular basis, and unfortunately the answer...
Published
10-31-2008 5:51 AM
by
RafalLos
Filed under:
vulnerabilities
,
vulnerability context
,
risk rating
"Security Vulnerability" != "Defect" ; why?
It's one of those obvious things. A defect is a defect, right? Whether the airbag is faulty, or the gas cap doesn't hold pressure... a defect is a defect. The strange thing is - it hasn't been that way, and still isn't that way, in most...
Published
04-01-2008 10:18 AM
by
Rafal Los
Filed under:
defects
,
vulnerabilities
,
security
,
functional specification
,
quality
,
testing
,
development
Privacy Statement