Application Security Metrics: Identifying Key Indicators and Potential Red Flags

Explore the complex world of application security metrics in this 50-minute conference talk from the OWASP Foundation. Learn to distinguish between valuable indicators and potentially alarming metrics in the rapidly evolving AppSec landscape. Gain insights into selecting metrics that align with organizational security goals and risk appetite, aiming to raise AppSec maturity. Delve into various categories of AppSec metrics, including vulnerability density, time to remediation, and exploitability. Acquire tools and understanding to effectively communicate security metrics to stakeholders, facilitating informed decision-making and fostering a proactive security culture. Navigate the ocean of AppSec metrics to identify areas of concern, prioritize remediation efforts, and drive continuous improvement in your organization's application security posture.

Metrics, metrics everywhere - from which ones I should be scared?