I'm back from SANS' Web Application Security Summit. As always, the guys at SANS put together a good agenda and managed the sessions very interactively. It was great to speak at this conference and watch two of our customers sharing their SecureSphere experience and best practices on stage.
Jeremiah Grossman's keynote speech was interesting and educational. Rich Mogull was referring to the statistics that Jeremiah presented:

"With WAFs, we are trying to block vulnerability classes instead of specific vulnerabilities" ... [SNIP] ... "we need to change how we view WAFs. They can no longer be merely external boxes protecting against generic vulnerabilities; they need tighter integration into our applications."

Imperva was mentioned for tying together the WAF and database activity monitoring. Imperva was also the first to create a Data Security technology ecosystem.

Alongside other key statistics, Jeremiah was answering "how long does it take to fix a vulnerability?"

Source: Jeremiah Grossman - Keynote Address, SANS What Works in Web Application Security

Apparently, in real life it takes a lot of time to fix vulnerabilities. My own estimate of "weeks to months" was wrong. It takes many months to fix vulnerabilities.