[Owasp-leaders] CISO AppSec Cheat Sheet

Mike Boberski mike.boberski at gmail.com
Sun Apr 4 19:36:42 EDT 2010


I find that people managing others who don't understand what those others
do, fail. I appreciate that a lot of CISOs and CIOs are oblivious to such
levels of detail, but they should be able to establish policies that will be
sufficiently prescriptive for e.g. agile teams. Those who don't or can't,
don't really have meaningful control over their apps. Having the power to
pull the plug on an app isn't meaningful control about how security controls
work or what standards of care are taken during development.

Mike


On Sun, Apr 4, 2010 at 9:31 AM, Eoin <eoinkeary at gmail.com> wrote:

> CISOs don't really care about agile, more about what
>
>  On Apr 3, 2010 12:21 a.m., "Mike Boberski" <mike.boberski at gmail.com>
> wrote:
>
> Will the what's next for orgs be available for review prior to final
> release? I'd like to see something 100% jargon-free that an Agile team with
> zero security knowledge can for example clearly recognize and latch onto in
> terms of identifying a first lifecycle activity, I guess to summarize our
> couple previous 1:1 notes on adding a lifecycle-ish page.
>
> Mike
>
>
> On Fri, Apr 2, 2010 at 6:52 PM, Dave Wichers <dave.wichers at owasp.org>
> wrote: > > I'd rather not conf...
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>