[OWASP-Bangalore] Details on effort needed to remediate the static scan findings.
Manjunath K P
manjunath_kp at spanservices.com
Tue Jan 7 10:23:38 UTC 2014
I don’t think any tool or algorithm is available to calculate the avg time to fix the vulnerabilities. It depends on the developer's experience and the complexity of the vulnerability. But if you are working on a product, it is possible to derive it on your own.
From: owasp-bangalore-bounces at lists.owasp.org [mailto:owasp-bangalore-bounces at lists.owasp.org] On Behalf Of Kannan, Vinod K
Sent: 07 January, 2014 1:36 PM
To: OWASP Bangalore Mailing List
Subject: [OWASP-Bangalore] Details on effort needed to remediate the static scan findings.
I am trying to create an algorithm to calculate the total effort in man hours to fix the findings from a web static scan. Please let me know if there is any good and recognized source from where I could get the details like average time to fix different vulnerabilities like SQLi or XSS and so on.
App Sec consultant - JPMC