Chris Horn, Researcher for Secure Decisions, will present his paper, “Measuring Application Security,” at the 2018 AppSec Europe Conference in London, England, on July 2-6, 2018.
How are organizations managing their AppSec programs?
Assuring application security (AppSec) is much more than a technology problem—it requires coordinating the actions of numerous people, which means organization and process. Roles and responsibilities must be defined; budgets must be approved; people need to be hired, educated, and helped to develop skills; culture needs to be created; tools need to be selected and acquired; and policies and processes must be defined.
Do you wonder how others are wrangling this challenge?
In this presentation, we will offer insights and observations from a study of AppSec program management. In 2017, we reviewed over 75 published articles and talks and interviewed 16 application security practitioners to understand the specific problems AppSec practitioners face. We will share what we have learned about the boundaries used to define the scope of an application security program, the goals of the people responsible for assuring the security of application software, the metrics and measurements that they employ in the pursuit of these goals, and the tools that they use to measure and track application security metrics.