CPWE-ID: 12

Insufficient Program Resources
Description
 * The software development organization or organizational unit has started an application security program, but the resources allocated to support the program (people, tools, or a combination thereof) are not sufficient, the initiative is either not funded or under-funded.

Common Causes


 * This weakness typically occurs in situations where there is no executive-level application security evangelist.

Common Consequences


 * Prior to a Cyber Incident - Delayed program adoption
 * During and After a Cyber Incident - Unknown business risk; impaired incident response

Other CPWE
CISO Cheat Sheet