What is the Executive's role in assuring application security in the organization and IT security audits?
While many positions within an organization have responsibilities for ensuring the security of online applications, starting with the programmer writing the source code, software security assurance is a broad management responsibility. Because software vulnerabilities represent significant control deficiencies in terms of secure and reliable information, processes, and reporting, they fall within the direct purview of the CEO, CFO, and audit committee of the board. Security vulnerabilities may also result in the disclosure of personal and other sensitive information, and therefore also impact the roles and responsibilities of management positions throughout the enterprise. For a detailed discussion of roles and responsibilities within a software security auditing program, please refer to the Ounce Labs’ Software Security Audit Framework.