Security flaws must be fixed or addressed in the project plan.

From Application Security and Development Security Technical Implementation Guide

Part of ASDV-PL-003210

Associated with: CCI-003178

SV-85005r1_rule Security flaws must be fixed or addressed in the project plan.

Vulnerability discussion

This requirement is meant to apply to developers or organizations that are doing application development work. Application development efforts include the creation of a project plan to track and organize the development work. If security flaws are not tracked within the project plan, it is possible the flaws will be overlooked and included in a release. Tracking flaws in the project plan will help identify code elements to be changed as well as the requested change.

Check content

This requirement is meant to apply to developers or organizations that are doing application development work. If the organization managing the application is not performing or managing the development of the application, the requirement is not applicable. Ask the application representative to demonstrate how security flaws are integrated into the project plan. If security flaws are not addressed in the project plan or there is no process to introduce security flaws into the project plan, this is a finding.

Fix text

Address security flaws within a project plan to ensure they are tracked and addressed by management.
