Denim Group at SOURCE Boston 2011: The Real Cost of Software Remediation

I will be giving a presentation titled “The Real Cost of Software Remediation” at SOURCE Boston this year. The abstract is:

The security industry is beginning to release data that focuses on the prevalence of different types of vulnerabilities and incidents. However interesting, such data falls short of providing crucial information to aid organizations with their software remediation efforts. This presentation provides statistical data from 15 different web application remediation projects in order to provide real insight into the costs of remediating application-level vulnerabilities. The data addresses pressing questions, including how much time is spent on different phases of remediation projects (inception, planning and execution), and how much time is required to remediate different classes of vulnerabilities. Based on this data, analysis is also provided so organizations can make decisions about which vulnerabilities should be fixed and which should be left, how to schedule vulnerability remediation into software project schedules, and activities organizations should undertake in order to prevent the most costly vulnerabilities from occurring in the first place.

Contact us for help remediating vulnerabilities in your software.



dan _at_


Posted via email from Denim Group’s Posterous

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Categories: Remediation

Leave a Reply

Your email address will not be published. Required fields are marked *