
Sign up to save your podcasts
Or
We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the metrics that are easy to gather and shift to metrics that have clear ways that teams can influence them?
Segment resources
- https://www.philvenables.com/post/10-fundamental-but-really-hard-security-metrics
- https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw193
4.8
44 ratings
We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the metrics that are easy to gather and shift to metrics that have clear ways that teams can influence them?
Segment resources
- https://www.philvenables.com/post/10-fundamental-but-really-hard-security-metrics
- https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw193
7,898 Listeners
365 Listeners
626 Listeners
366 Listeners
265 Listeners
1,009 Listeners
7,879 Listeners
166 Listeners
181 Listeners
314 Listeners
74 Listeners
58 Listeners
127 Listeners
38 Listeners
43 Listeners