Difference between revisions of "CPWE-ID: 12"
(Created page with "== Insufficient Program Resources == '''Description''' * The software development organization or organizational unit has started an application security program, but the reso...")
Revision as of 14:33, 30 August 2012
Insufficient Program Resources
- The software development organization or organizational unit has started an application security program, but the resources allocated to support the program (people, tools, or a combination thereof) are not sufficient, the initiative is either not funded or under-funded.
- This weakness typically occurs in situations where there is no executive-level application security evangelist.
- Prior to a Cyber Incident - Delayed program adoption
- During and After a Cyber Incident - Unknown business risk; impaired incident response