[WASC-WAFEC] What should we change in WAFEC 2.0?
christian.heinrich at cmlh.id.au
Thu Jun 28 21:43:21 EDT 2012
I found two relevant slides from WhiteHat’s 12th Website Security
i.e. Mitigation of vulnerabilities (based on WASC Threat Matrix) in
implementing a WAF (this might be expanded in their report which
should be released today (Friday 29 June)).
i.e. Time that passes to identify and then remediate vulnerabilities
within the Source Code.
To avoid a conflict of interest we should invite others to provide
relevant statistics related to real world implementations of a WAF and
the time taken to fix a vulnerability in source code and then
calculate an average?
On Sun, Jun 10, 2012 at 11:17 AM, Christian Heinrich
<christian.heinrich at cmlh.id.au> wrote:
> On Wed, Jun 6, 2012 at 9:39 PM, Ofer Shezaf <ofer at shezaf.com> wrote:
>> 5. The “ethical” questions:
>> · How to address alternative solutions such as fixing the code?
> I am also willing to review and confirm that any perceived conflict of
> interest was removed from this section with consideration to