Saturday, April 11, 2009

Vulnerabilities vs Insecure Software

If your software has vulnerabilities, then you should engage a security specialist and a developer to resolve those vulnerabilities.

However, the recurring presence of vulnerabilities means you have insecure software, and you need to fix your SDLC, provide security-focused developer training, and enhance the security review process.

Lastly, if you don't know if you have vulnerabilities, then you are at square one.
  • Assess to discover vulnerabilities
  • Analyze to determine root cause
  • Remediate technical vulnerabilities
  • Address root cause in the overall process
  • Rinse and Repeat

-Michael Coates