1 comment

[ 5.1 ms ] story [ 16.4 ms ] thread
It's a completely valid point that usually companies will do a single security review and want it to last for a number of months, often a number of years. Continuous monitoring is the only reasonable way to ensure adequate security of a company's website; if new code is being written, new vulnerabilities are bound to be written too.

Prioritizing vulnerabilities by which to conquer first and analyzing which vulnerabilities will hurt you more quickly and hit you or your clients the hardest is also interesting; it's something we (Tinfoil Security) already do, but not something we see enough people think about.