Application 6 Controlling Patch Management

Question: #655

Software defects almost never exist in a vacuum. That is, the problem with ensuring application security is that there are usually additional defects or issues that have to be identified, understood, and resolved along with the actual defect in the code to which they are attached. These additional defects are considered dependencies.

In this assignment, you will examine dependencies associated with mitigating CSRF holes in websites and develop data-supported conclusions about the complexity of ensuring against CSRF holes.

Go to Bugzilla and enter the term "CSRF." Scroll to the bottom of the results page. There will be a way to display dependencies based on a graph and a tree.

Then, using the graph, the tree, and any explicit empirical measure that you feel is appropriate to characterize that defect, prepare a 2- to 3-page paper that presents the following:

•An estimate of how difficult this problem will be to resolve. Base that estimate on a quantitative measure that will support your assessment of the defect and the dependencies involved.

•An assessment of the relative complexity of the process needed to solve CSRF problems using quantitative measures and what you know about those dependencies.

•Your conclusions about how to resolve the problem based on the same quantitative measures.

Application 6.docx 13 KB

Solution: #664

Controlling Patch Management Application 6 Scored

make sure that all Defects are tracked and are logged with dates and root causes and ensure they got fixed. With the help of this template it will be very easy to track all the defects arising in Testing Phase and must be properly captured and tracked through resolution

Benefits of this Template to AAG will come in the form of:

1.      Complete documentation of test defects and released patches will all information.

2. &...