Revision as of 13:33, 30 August 2012 by Mike.boberski (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Insufficient Program Resources


  • The software development organization or organizational unit has started an application security program, but the resources allocated to support the program (people, tools, or a combination thereof) are not sufficient, the initiative is either not funded or under-funded.

Common Causes

  • This weakness typically occurs in situations where there is no executive-level application security evangelist.

Common Consequences

  • Prior to a Cyber Incident - Delayed program adoption
  • During and After a Cyber Incident - Unknown business risk; impaired incident response

Other CPWE

CISO Cheat Sheet