Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: SDLC and Change Management - SANS Internet Storm Center SANS ISC InfoSec Forums

SDLC and Change Management

We received several reports today of a high-profile software vendor's website that had a directory traversal bug in a specific script. And while it is fun to find these still in existence in 2007, it's probably more likely that new code was introduced or existing code was modified without the security auditors looking at it.

So how good is your change management process when it comes to code that has been security reviewed?  In most cases, reviewing the changes is just as important as performing the code audit in the first place.


Sep 26th 2007
