Software Security Metrics - Developing Key Indicators for Executives
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore effective software security metrics in this 50-minute conference talk from AppSec California 2016. Learn techniques to change conversations with executives about software security, encouraging them to ask the right questions and receive answers demonstrating progress towards meaningful objectives. Discover a progression of software security capabilities and corresponding metrics for different maturity levels. Gain insights on developing key metrics for your unique software security program through a detailed example. Delve into topics such as risk management objectives, measurement vs. metrics, phases of metrics, defects, risk tolerance, and coverage. Benefit from Caroline Wong's expertise as a thought leader in security strategy, operations, and metrics, drawing from her experience at companies like Cigital, Symantec, Zynga, and eBay.
Syllabus
Intro
Agenda
Questions from executives
Why Metrics
Risk Management Objectives
Measurement vs Metric
Phases of Metrics
Defects
Bad Scenarios
Vanity Metrics
Metrics Without Context
Metrics With Executives
Risk Management
Policy Standards Outreach
Software Environment
Software Security Capabilities
Risk Tolerance
Coverage
Taught by
OWASP Foundation