When asked what the greatest risks his company expects to face in 2010, the CEO of a major U.S. airline began to list items such as energy pricing, labor challenges and terrorism. IT security, let alone the application security subcategory, did not make the list. Is this a common theme across today's businesses? Or, is it that organizations just don't speak of IT and security risk using IT and security lingo? In this Network World article, "Healthcare powerhouse McKesson comments on AppSec in GRC," we gain some real-world commentary from the OWASP AppSec 2010 conference on incorporating Application Security into an organizations GRC program.

Read the full article at Network World.

Article by: Sean Martin, CISSP