[WEB SECURITY] security findings management

Robert A. robert at webappsec.org
Mon Dec 19 12:26:31 EST 2011

Hello Lebeau,

For software security related problems I find it best to utilize the bug 
tracking system used by development. By using the existing system you 
don't need people to learn/maintain another tool, not to mention it shows 
up in the developers' to-do list during triage just like any other bug.

I've written a few articles on this subject. The first outlines specific modifications that you
can implement in your bug-tracking system in order to better track/measure software security defects:

  Tracking and understanding security related defects: Useful data points for shaping your SDLC program

The second article outlines prioritization/handling of these security defects once they've been filed:

  Setting the appropriate security defect handling expectations in development and QA

- Robert A
WASC Co Founder/Moderator of The Web Security Mailing List

On Thu, 15 Dec 2011, Lebeau Frederic wrote:

> Hello, I'm looking for a tool to manage (keep trace, history, status) all
> security issues found during dynamic testing or code review activities.
> Can someone help me?
> Thanks
