🎥 Metrics, metrics everywhere - from which ones I should be scared?

Author: OWASP Foundation - Bewertung: 2x - Views:6

The rapidly evolving landscape of application security (Appsec) necessitates the implementation of effective metrics to gauge the effectiveness of security measures. However, the abundance of available metrics can overwhelm organizations, making it crucial to identify the metrics that truly matter and those that should instill concern. This session will explore the realm of Appsec metrics and guide attendees on distinguishing between valuable indicators and potentially alarming ones. Drawing upon industry best practices and real-world examples, participants will gain insights into selecting metrics that align with their organization's security goals and risk appetite, aiming to raise the AppSec maturity of the organization. The session will delve into the various categories of Appsec metrics, including vulnerability density, time to remediation, and exploitability. By examining these metrics in-depth, participants will learn to discern whether specific metrics reflect healthy security practices or signal potential vulnerabilities that demand immediate attention. The session will also address the challenges associated with interpreting and contextualizing Appsec metrics. Attendees will acquire the understanding and will get a review of some tools necessary to effectively communicate security metrics to stakeholders, facilitating informed decision-making and fostering a proactive security culture within their organizations. The goal of his session is to empower attendees to navigate the ocean of Appsec metrics, enabling them to identify metrics that warrant concern, prioritize remediation efforts, and drive continuous improvement in their organization's application security posture. Maria Schwenger BotCopy Associate Director Cyber Security : DevSecOps ATLANTA, GA Maria is an innovative cloud transformation and cybersecurity leader well-known for leading multiple successful implementations of the modern vision of cloud optimization, DevSecOps, and data protection, and for her leadership in executing complex digital transformation programs in areas like IOT/Edge, AI, and Big Data Analytics. The results of her work demonstrate a multitude increase of return on investments, business efficiency, and productivity gains in delivering business capabilities. Srdan Reljic Srdan Reljic is an accomplished technology executive and a cyber security practitioner with a knack for driving innovation and creating strategic value with extensive hands-on experience in applying cloud native and open source technology to infuse security at every level. His interests lie in secure developer enablement, platform and data engineering, and AI and web3 security. Managed by the OWASP® Foundation https://owasp.org/