[Owasp-secure-coding-practices] Requirements for software - for business analysts!?

Vlatko Kosturjak vlatko.kosturjak at owasp.org
Tue Feb 8 12:44:35 EST 2011


Thanks to Keith and contributors, secure coding practice is really useful
and practical and OWASP is starting to target interesting audience. Having
software requirements as higher level document and OWASP devguide, testing
guide, ... as lower level, I see that we actually miss higher(?) level
document which would help business analysts/decision makers on how to decide
which requirements should be chosen (something like best practice and/maybe
guidance). This would help in getting right treatment of security
requirements from the business and that's actually most important. Without
business support, it's hard to go further...

Some projects/sessions like Metrics, threat modelling, etc is touching the
problem from some sides, but I don't see any project which is actually
touching it from the wholistic/business decision side.
Vlatko Kosturjak, Kost
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-secure-coding-practices/attachments/20110208/3519ab20/attachment.html 

More information about the Owasp-secure-coding-practices mailing list