The Real Cost of Waiting
to Secure Your Applications
B IO

Jeremiah Grossman









Founder & CTO of WhiteHat Security
Practicing Web security since 2000
Internation...
B IO

Ryan Berg
 Chief Security Officer at Sonatype
 Co-founder and chief scientist
for Ounce Labs
 Patent holder, auth...
Measuring the Cost
survey summaries
Distribution of Responsibility

* Sonatype
Product Code Deployment
* Sonatype
M OST COM M ON VU LN S

Top 15 Vulnerability Classes (2012)
Percentage likelihood that at least one serious* vulnerability...
OVE R A LL

Overall Vulnerability Population (2012)
Percentage breakdown of all the serious* vulnerabilities discovered
(S...
Addressing Vulnerabilities

* Sonatype
Cost of Fixing Software Defects

* Atom Consulting
Drivers to Resolve Vulnerabilities

© 2013 WhiteHat Security, Inc.

13
Why Vulnerabilities Go Unresolved

© 2013 WhiteHat Security, Inc.

14
Can there be a balance?
The Real Cost of Waiting
to Secure Your Applications
The Real Cost of Waiting When it Comes to Application Security
Upcoming SlideShare
Loading in …5
×

The Real Cost of Waiting When it Comes to Application Security

566 views

Published on

Many vulnerabilities go unresolved because compliance does not require fixing the issues at any point during the development process. However, the cost of fixing software defects post release can be up to 100x the cost of fixing the same issues at beginning of the software development life cycle.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
566
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

The Real Cost of Waiting When it Comes to Application Security

  1. 1. The Real Cost of Waiting to Secure Your Applications
  2. 2. B IO Jeremiah Grossman         Founder & CTO of WhiteHat Security Practicing Web security since 2000 International speaker (6-continents) InfoWorld Top 25 CTO Co-founder of the WASC Co-author: XSS Attacks Former Yahoo! information security officer Brazilian Jiu-Jitsu Black Belt © 2013 WhiteHat Security, Inc. 2
  3. 3. B IO Ryan Berg  Chief Security Officer at Sonatype  Co-founder and chief scientist for Ounce Labs  Patent holder, author, teacher  Co-founded Qiave Technologie © 2013 WhiteHat Security, Inc. 3
  4. 4. Measuring the Cost survey summaries
  5. 5. Distribution of Responsibility * Sonatype
  6. 6. Product Code Deployment
  7. 7. * Sonatype
  8. 8. M OST COM M ON VU LN S Top 15 Vulnerability Classes (2012) Percentage likelihood that at least one serious* vulnerability will appear in a website © 2013 WhiteHat Security, Inc. 9
  9. 9. OVE R A LL Overall Vulnerability Population (2012) Percentage breakdown of all the serious* vulnerabilities discovered (Sorted by vulnerability class) © 2013 WhiteHat Security, Inc. 10
  10. 10. Addressing Vulnerabilities * Sonatype
  11. 11. Cost of Fixing Software Defects * Atom Consulting
  12. 12. Drivers to Resolve Vulnerabilities © 2013 WhiteHat Security, Inc. 13
  13. 13. Why Vulnerabilities Go Unresolved © 2013 WhiteHat Security, Inc. 14
  14. 14. Can there be a balance?
  15. 15. The Real Cost of Waiting to Secure Your Applications

×