Ask the Expert

Explaining software security responsibilities to the staff, QA department and management

Management is ignoring potential security issues in our Web environment. What can our development and QA staff do, to get them to take security seriously?

Requires Free Membership to View

You've hit one of the greatest barriers to application security success: Ignorance. Even with all the government and industry regulations mandating reasonable security controls many managers continue to ignore the issue. You're on the right track because the people running your business are the only ones that can truly fix this issue long term.

What you have to do is show them how the general risks and specific vulnerabilities impact the business. Get on their side. Go to business meetings and put things in terms of them and the business. Beyond that, show how improvements in your code are being made and how periodic security assessments are paying off. Perhaps most importantly -- never stop. Application security is an ongoing thing that'll never go away. Don't feed them fear but rather persistent education regarding what they're up against. They'll eventually come around.

More team and relationship building tips:

This was first published in April 2010

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: