Appsec (and adjacent) Metrics – ASW #193



We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren’t effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the metrics that are easy to gather and shift to metrics that have clear ways that teams can influence them?

Segment resources

https://www.philvenables.com/post/10-fundamental-but-really-hard-security-metrics
https://cloud.google.com/blog/products/devops-sre/using-the-four-keys-to-measure-your-devops-performance Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Appsec (and adjacent) Metrics

Hosts

John Kinsella

John Kinsella – Co-founder & CTO at Cysense

@johnlkinsella

John Kinsella is the Chief Architect for Accurics

Mike Shema

Mike Shema – Security Partner at Square

@Codexatron

Mike Shema is a Security Partner at Square.

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Join Alan Stacilauskas and hosts Tyler Robinson and Paul Asadoorian on April 21st to learn how to gain visibility into your enterprise with SYSMON. Also join Paul Asadoorian and Rich Mogull on May 4th to learn how to choose the right architecture for your application. Live attendees at both of these webcasts will have the chance to win a $100 Hacker Warehouse gift card! Register at securityweekly.com/webcasts. Don’t forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.