Application Security Weekly Subscribe

DevOps, Leadership

Appsec (and adjacent) Metrics – ASW #193

April 18, 2022

We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the metrics that are easy to gather and shift to metrics that have clear ways that teams can influence them?

Segment resources

- https://www.philvenables.com/post/10-fundamental-but-really-hard-security-metrics

- https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance

Full episode and show notes

Announcements

Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Mike Shema

Mike Shema

Tech Lead at Block

John Kinsella

John Kinsella

Co-founder & CTO at Cysense

Related

LLM Top 10, Simple Vulns, PyPI Requires 2FA, ThinkstScapes Quarterly, Fun w/ Learning – ASW #243

June 5, 2023

OWASP has a draft for the LLM Top 10, simple vulns in a modern SaaS app, ancient vuln in a Wordpress plugin, PyPI moves to secure its package manager accounts, ThinkstScape Quarterly research report, having fun with memory variables, DNS, and logins.

What’s the Deal with API Security – Sandy Carielli – ASW #243

June 5, 2023

Walking the show floor at RSA Conference, you couldn't trip without falling into an application security vendor booth ... and API security specialists were especially plentiful. Join Forrester Principal Analyst Sandy Carielli for her thoughts on RSA Conference and a deep dive into the challenges of API security. Segment Resources: https://www.fo...

Are We Thinking in the Right Way as CISOs? – Sajan Gautam – CSP #124

May 30, 2023

CISOs want to enable the business. But sometimes we must stand our ground and explain our position with rationale. So, how do we convince other people to act without telling their baby is ugly? Join us, as we discuss having difficult conversations. Segment Resources: https://cms.cyberriskalliance.com/wp-content/uploads/2023/06/Leading-Difficult-...