Read the book Corporate Cybersecurity - John Jackson - Page 55
2.10 Engineers
An engineer’s primary responsibility is to assist management in determining all of the vulnerabilities and risks that could be directly related to or impact the application security team. It never hurts to ask questions, and arguably some of the best engineers will want to know everything about the process – just as management will. Many engineers that may come across this book will be in a position other than application security and may not be ready to take on the responsibility of a bug bounty program without a manager. If that’s the case, it’s crucial to review the management section and get a thorough grasp of vulnerability management and how it pertains to application security.
Engineers should care about the passion for the craft and the great contributions that researchers will put forward. Even if a security engineer has management who has put a substantial amount of effort into knowing the entire enterprise layout and application security responsibilities, they should aspire to ingest all of that information. There’s not a day that goes by in day-to-day responsibilities in which a security engineer does not need to be familiar with the various enterprise teams and vulnerability remediation best practices.