On building an application security programme
by Justin Clarke
I have met with quite a few organizations in corporate America over the last several months, and there seems to me to be a movement amongst a lot of very large organizations to seriously consider doing something about this. As far as I'm concerned I think it's a good thing, provided efforts actually end up in some practical solution.
Any comments, war stories, programmes gone wrong?