We report on a qualitative study of application security (AppSec) program management. We sought to establish the boundaries used to define program scope, the goals of AppSec practitioners, and the metrics and tools used to measure performance.
Radwan, H., & Prole, K. (2015, April). Code Pulse: Real-time code coverage for penetration testing activities. In Technologies for Homeland Security (HST), 2015 IEEE International Symposium on (pp. 1-6). IEEE.
Goodall, J. R., Radwan, H., & Halseth, L. (2010, September). Visual analysis of code security. In Proceedings of the seventh international symposium on visualization for cyber security (pp. 46-51). ACM.