Hmmm....

Post #343,752 by Another Scott 6/15/11 11:39:42 AM 6/15/11 11:44:16 AM Reply	Hmmm.... Thanks for the link. I hope it gets more visibility. I chuckled, though, when I saw this: Users and Adopters The U.S. Federal Trade Commission strongly recommends that all companies use the OWASP Top Ten and ensure that their partners do the same. In addition, the U.S. Defense Information Systems Agency (DISA) has listed the OWASP Top Ten as key best practices that should be used as part of the DoD Information Assurance Certification and Accreditation Process (DIACAP). In the commercial market, the Payment Card Industry (PCI) standard has adopted the OWASP Top Ten, and requires (among other things) that all merchants get a security code review for all their custom code. In addition, a broad range of companies and agencies around the globe are also using the OWASP Top Ten, including: A.G. Edwards Bank of Newport Best Software British Telecom Bureau of Alcohol, Tobacco, and Firearms (ATF) Citibank [...] Hmmm. [edit:] TheReg has more - http://www.theregist...site_hack_simple/ (via the OWASP News page) Cheers, Scott. Edited by Another Scott June 15, 2011, 11:44:16 AM EDT Hmmm.... Thanks for the link. I hope it gets more visibility. I chuckled, though, when I saw this: Users and Adopters The U.S. Federal Trade Commission strongly recommends that all companies use the OWASP Top Ten and ensure that their partners do the same. In addition, the U.S. Defense Information Systems Agency (DISA) has listed the OWASP Top Ten as key best practices that should be used as part of the DoD Information Assurance Certification and Accreditation Process (DIACAP). In the commercial market, the Payment Card Industry (PCI) standard has adopted the OWASP Top Ten, and requires (among other things) that all merchants get a security code review for all their custom code. In addition, a broad range of companies and agencies around the globe are also using the OWASP Top Ten, including: A.G. Edwards Bank of Newport Best Software British Telecom Bureau of Alcohol, Tobacco, and Firearms (ATF) Citibank [...] Hmmm. Cheers, Scott. Collapse All History
Post #343,753 by malraux 6/15/11 11:41:30 AM Reply	There is a difference... ... between management thinking they are using it, and the developers actually living it. Regards, -scott Welcome to Rivendell, Mr. Anderson.
Post #343,754 by Another Scott 6/15/11 11:47:08 AM Reply	Could be they only used it in some places. E.g. they might use it for CC transactions but not on the web interface for personal retail banking. As others have commented, they're no doubt much more careful in their CEO's personnel records and the CDS business security than they apparently are in dealing with their lowly customers' info... :-/ Cheers, Scott.

Welcome to IWETHEY!