Building An Effective Application Security Practice On A Shoestring Budget presented at Blackhat USA 2007

by John Viega

Tags: Security Business

Summary: Software companies inevitably produce
insecure code. In 2006 alone, CERT recognized over 8,000 published
vulnerabilities in applications. Attackers were previously occupied by
the weaker operating systems and have moved on to easier targets:
applications. What makes this situation worse is the weaponization of
these exploits and the business drivers behind them. Some organizations
struggle to deal with this trend to try to protect their products and
customers. Other organizations have nothing in place, and need to create
measures as soon as possible.