[Owasp-leaders] CISO AppSec Cheat Sheet

Mike Boberski mike.boberski at gmail.com
Fri Apr 2 17:35:47 EDT 2010


Perhaps along similar lines, I'd like to see a project that comes up with
methods to more easily measure/guesstimate the dollar impact/order of
magnitude of breaches and spills of well-defined levels of severity. Not a
onesy-twosy impact of an XSS here, a SQLi there, rather application-wide
metrics, maybe allowing for combinations of applications (if breach one that
means five are now suspect, if breach another that means all now suspect,
etc). Maybe organized along industry lines. If defense contractor, if breach
of database with intel, then death. If financial firm, if falsification of
annual report, then jail for some and poverty for many. Etc. Handing someone
a scathing technical report, demonstrating XSS or whatever in a presales-like
magic trick, is a really darn tough way to convince people to do this
stuff.

FWIW

Mike


On Fri, Apr 2, 2010 at 4:52 PM, Jim Manico <jim.manico at owasp.org> wrote:

> I was thinking of leading an effort to build an OWASP "CISO AppSec Cheat
> Sheet" - would this effort duplicate another in OWASP?
>
> http://www.owasp.org/index.php/CISO_AppSec_Cheat_Sheet
>
> --
> Jim Manico
> OWASP Podcast Host/Producer
> OWASP ESAPI Project Manager
> http://www.manico.net
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>