Measuring End-to-End Security Engineering

Explore a groundbreaking approach to Security Development Lifecycle (SDL) called End-to-End Security Engineering in this 34-minute conference talk from AppSecUSA 2017. Learn how Twilio defines a 'perfect secure system' and generates metrics to measure security at each stage of the product lifecycle. Discover the six key components of a perfect secure system, including threat modeling, attack identification, monitoring, controls implementation, testing, and effectiveness evaluation. Gain insights into essential metrics for tracking security progress, such as the percentage of threat-modeled products, attack monitoring coverage, and control implementation rates. Benefit from the expertise of speakers Davit Baghdasaryan, Principal Security Engineer at Twilio, and Garrett Held, Head of Product Security at Twilio, as they share their experiences in building comprehensive security systems.

Measuring End-to-End Security Engineering - AppSecUSA 2017