[WEB SECURITY] security findings management
robert at webappsec.org
Mon Dec 19 12:26:31 EST 2011
For software security-related problems I find it best to utilize the bug
tracking system used by development. By using the existing system you
don't need people to learn/maintain another tool, not to mention it shows
up in the developers' to-do list during triage just like any other bug.
I've written a few articles on this subject. The first outlines specific modifications that you
can implement in your bug tracking system in order to better track/measure software security defects:
Tracking and understanding security related defects: Useful data points for shaping your SDLC program
The second article outlines prioritization/handling of these security defects once they've been filed:
Setting the appropriate security defect handling expectations in development and QA
- Robert A
WASC Co Founder/Moderator of The Web Security Mailing List
On Thu, 15 Dec 2011, Lebeau Frederic wrote:
> Hello, I'm looking for a tool to manage (keep track of history and status) all
> security issues found during dynamic testing or code review activities.
> Can someone help me?