Difference between revisions of "CPWE-ID: 12"

From OWASP
Jump to: navigation, search
(Created page with "== Insufficient Program Resources == '''Description''' * The software development organization or organizational unit has started an application security program, but the reso...")
 
m (Insufficient Program Resources)
Line 11: Line 11:
 
* ''Prior to a Cyber Incident -'' Delayed program adoption
 
* ''Prior to a Cyber Incident -'' Delayed program adoption
 
* ''During and After a Cyber Incident -'' Unknown business risk; impaired incident response
 
* ''During and After a Cyber Incident -'' Unknown business risk; impaired incident response
 +
 +
'''Severity'''
 +
 +
* ''Critical -'' This must be addressed immediately.
  
 
== Other CPWE ==
 
== Other CPWE ==
 
[[CISO Cheat Sheet]]
 
[[CISO Cheat Sheet]]

Revision as of 15:26, 30 August 2012

Insufficient Program Resources

Description

  • The software development organization or organizational unit has started an application security program, but the resources allocated to support the program (people, tools, or a combination thereof) are not sufficient, the initiative is either not funded or under-funded.

Common Causes

  • This weakness typically occurs in situations where there is no executive-level application security evangelist.

Common Consequences

  • Prior to a Cyber Incident - Delayed program adoption
  • During and After a Cyber Incident - Unknown business risk; impaired incident response

Severity

  • Critical - This must be addressed immediately.

Other CPWE

CISO Cheat Sheet