Why Doing Application Security Remediation Is Like Building a Rube Goldberg Machine

Presented at UNITED Security Summit 2012 by

Building an application security program looks great on paper, but the execution is sometimes worthy of its own reality TV show. Prioritizing applications, choosing tools, creating new processes, cajoling developers and QA staff, and appeasing management can all be challenging, even before you start looking at the wild, tangled mess that is legacy code. This is a case study of a two-year program, including false starts, funding changes, and a comedy of remediation errors that demonstrates how there isn't always such a thing as a "15-minute fix".