
	Home > Ask the Software Quality Experts > Application Security Questions & Answers > How do I convince management to take application security seriously?

Ask The Software Quality Expert: Questions & Answers

EMAIL THIS

How do I convince management to take application security seriously?

EXPERT RESPONSE FROM: Chris Wysopal

		Pose a Question

		Other Software Quality Categories

		Meet all Software Quality Experts
		Become an Expert for this site

Software quality news and advice

Digg This! StumbleUpon Del.icio.us

QUESTION POSED ON: 19 December 2008
How do I convince management to take security seriously? I keep getting negged with time and money constraints. Even serious source code analysis is getting thrown under the rug. Since I can't find exact $$ I'm ignored. Casually pointing out the daily body count of huge, important, hacked sites isn't helping.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Application Security
	What is fuzz testing? What are some ways to use fuzz testing?
	How do I set up a secure login page using membership in ASP.NET?
	Security testing sales, marketing websites
	Are there application security certification standards?
	Top tools for testing Web application security
	How to prevent HTTP response splitting
	PCI DSS compliance: WAF, code review or both?
	Application security careers have bright future
	How to prevent anti-DNS pinning attacks
	Open source application security testing tools

Software security testing and techniques

Fixing four Web 2.0 input validation security mistakes

Commonly-overlooked security flaws in rich Internet applications

Web security problems: Five ways to stop login weaknesses

10 steps to acing Web app security assessments

Hack maliciously to boost your software's security

Software Testing: How to know you're ready to start testing

Software security best practices: Roles developers must play

The role of quality assurance (QA) pros in software security

What is fuzz testing? What are some ways to use fuzz testing?

Software security: Removing insecurity from outsourced development

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

One technique that often works is to look at what your company's peers are doing. A lot of security spending is reactive and companies end up putting in security processes and technology after a successful attack. You obviously want to be proactive and not wait for this to happen so the next best thing to convince management is by showing them what peers are doing to implement application security. See if you can join a local or industry group and talk to your peers. You could also ask the providers of the technology or services you are interested in for customers that are similar to you and ask if you can call them up for a reference. If you are a large retailer you could talk to TJX. If you are a supermarket, you could talk to Hannaford. If you are a small software company there are plenty of vulnerable peers to choose from.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Software Quality - Software Maintenance, Software Requirements, Software Standards

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2006 - 2009, TechTarget \| Read our Privacy Policy