You've hit one of the greatest barriers to application security success: Ignorance. Even with all the government...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
and industry regulations mandating reasonable security controls many managers continue to ignore the issue. You're on the right track because the people running your business are the only ones that can truly fix this issue long term.
What you have to do is show them how the general risks and specific vulnerabilities impact the business. Get on their side. Go to business meetings and put things in terms of them and the business. Beyond that, show how improvements in your code are being made and how periodic security assessments are paying off. Perhaps most importantly -- never stop. Application security is an ongoing thing that'll never go away. Don't feed them fear but rather persistent education regarding what they're up against. They'll eventually come around.
More team and relationship building tips:
- Tips for software testers: Getting along with developers
End software project slowdowns caused by fighting between software testers and developers with these four tips. Learn how to report application bugs diplomatically and accurately with veteran tester David Christiansen's guidelines.
- How to get management on board with Web 2.0 security issues
Ways to get management buy-in for Web 2.0 security testing and quality assurance and to bolster application security before deployment are given in this tip.
- The QA team's role in application performance evaluation and management
Who is responsible for defining requirements, setting quality and managing the QA team? QA expert describes how requirements are set, along with who ensures quality.
Related Q&A from Kevin Beaver
When replacing an email security gateway, should a Web security gateway be used or another email gateway? Expert Kevin Beaver explains.continue reading
Expert Kevin Beaver explains how organizations should address end-of-software development dates, and what they ultimately mean to enterprise security.continue reading
Are read-only domain controllers a more secure option for setting up domain services in a DMZ than using a separate domain? Expert Kevin Beaver ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.