posted 11 years ago
Hi Natalie,
Thank you.
You are completely right and it gets even tougher once one starts working
on security compliance issues.
Code security is only one aspect in the myriad of possible standards, e.g.
access control, backup, logging, sanitization...
We are currently working on these things and it's a LOT of work...
Luckily enough the business was lured :-) into approving a business impact
analysis where the aspects of confidentiality, integrity and availability are
in a way quantified and 'measured'...
Kind regards,
Yvette