Appsec (and adjacent) Metrics - ASW #193

Security Weekly Podcast Network (Video) · Security Weekly Productions

April 18, 202238m 46s

Audio is streamed directly from the publisher (dts.podtrac.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode page

Show Notes

We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the metrics that are easy to gather and shift to metrics that have clear ways that teams can influence them?

Segment resources

- https://www.philvenables.com/post/10-fundamental-but-really-hard-security-metrics

- https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw193

← All episodes of Security Weekly Podcast Network (Video)