[Owasp-testing] Repeated paragraph in PDF of OWASP Testing Guide v4

Hookings, Stephen stephen.hookings at sap.com
Fri Oct 31 14:38:24 UTC 2014


Hi all

New to list so apologies if there is an errata section I should have checked.

Firstly, I really like the guide. I am co-lead on Security Testing Strategy in SAP and we will certainly be using this info to educate our development teams.
I am also liking the ASVS too.

On PDF page 11/224 of OWASP_Testing_Guide_v4.pdf, top right 2nd column:

For example, in June 2002, the US National Institute of Standards
(NIST) published a survey on the cost of insecure software to the US
economy due to inadequate software testing [3]. Interestingly, they
estimate that a better testing infrastructure would save more than a
third of these costs, or about $22 billion a year. More recently, the links
between economics and security have been studied by academic researchers.
See [4] for more information about some of these efforts.

While estimating the cost of insecure software may appear a daunting
task, there has been a significant amount of work in this direction.
For example, in June 2002, the US National Institute of Standards
(NIST) published a survey on the cost of insecure software to the US
economy due to inadequate software testing [3]. Interestingly, they
estimate that a better testing infrastructure would save more than a
third of these costs, or about $22 billion a year. More recently, the links
between economics and security have been studied by academic researchers.
See [4] for more information about some of these efforts.

I know one has to repeat to make a point, but seems to me there is some duplication here?

Regards
Steve Hookings, SAP Code Analysis team.