
Sign up to save your podcasts
Or


We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the metrics that are easy to gather and shift to metrics that have clear ways that teams can influence them?
Segment resources
- https://www.philvenables.com/post/10-fundamental-but-really-hard-security-metrics
- https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw193
By Security Weekly Productions4.7
3535 ratings
We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the metrics that are easy to gather and shift to metrics that have clear ways that teams can influence them?
Segment resources
- https://www.philvenables.com/post/10-fundamental-but-really-hard-security-metrics
- https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw193

2,009 Listeners

83 Listeners

648 Listeners

101 Listeners

1,030 Listeners

33 Listeners

28,325 Listeners

192 Listeners

136 Listeners

26,615 Listeners