登录查看更多内容

SHOW ME THE (AppSec) DATA!!!

Caroline Wong

发布日期: 2017年3月2日

Too often, application security decisions are made based on opinion or anecdotes. Application security professionals can help their leaders to make educated decisions about investment and resource allocation for activities like penetration testing, by evaluating relevant data points and taking a data-driven approach to decision making.

This week, Mike Shema published a blog post highlighting the signal and noise relationship in the findings reported via Cobalt's crowdsourced security platform.

Specifically, the post presents a visualization of the acceptance state of vulnerabilities reported in 2016 through both bug bounty and pen test programs. It compares the number of duplicate, invalid, new, out of scope, triage, and valid findings.

Check it out here.

For more from Mike, register for his AppSec Reanimated webinar series.

要查看或添加评论，请登录

Caroline Wong的更多文章

You vs. AI: The Resilience Playbook for Cybersecurity

2024年12月17日

You vs. AI: The Resilience Playbook for Cybersecurity

I've seen what happens when security strategies are pushed to the limit. At a previous employer, a global security…

13 条评论
5 Ways to Keep Your Company Safe While We’re More Susceptible to Hackers

2020年5月18日

5 Ways to Keep Your Company Safe While We’re More Susceptible to Hackers

Last week, Sequoia Capital penned an article about weathering a business downturn that went viral as fears around the…

2 条评论
Want to avoid a software hack? Watch out for these common mistakes

2018年2月25日

Want to avoid a software hack? Watch out for these common mistakes

It seems like every day you hear about a new security incident or breach in the news. Have you ever wondered, What…

6 条评论
Vendor Security Questionnaires: The Buyer’s Perspective

2017年12月11日

Vendor Security Questionnaires: The Buyer’s Perspective

This post is a follow up to a previous article on the subject, How to Survive a Vendor Security Questionnaire. In that…

10 条评论
How to Survive a Vendor Security Questionnaire

2017年8月14日

How to Survive a Vendor Security Questionnaire

So you’ve just closed a deal with your first big enterprise client. Or, almost closed the deal.

9 条评论
A Different Approach to Diversity in Tech

2017年8月9日

A Different Approach to Diversity in Tech

Tech has a diversity problem, and companies like Google are trying to do the right thing to turn it around. I'm a…

30 条评论
Pen Test Self-Assessment Questionnaire?—?Get Your Score in 10 Minutes

2017年6月27日

Pen Test Self-Assessment Questionnaire?—?Get Your Score in 10 Minutes

No matter what level you’re at today, it’s always useful to benchmark your program against what others are doing. From…

5 条评论
What makes a good application pen test? Metrics.

2017年4月5日

What makes a good application pen test? Metrics.

This year at the RSA Conference in San Francisco, we published a report on Pen Test Metrics. The idea was to help…
"Women in Security"

2017年3月21日

"Women in Security"

Women in technology and women in information security is a “thing” these days. Sometimes it feels a little weird.

2 条评论
Let's change the way we AppSec

2017年2月27日

Let's change the way we AppSec

There are many different ways to "do" application security. Most organizations have a set budget allocated for…

See all articles

SHOW ME THE (AppSec) DATA!!!

Caroline Wong

Caroline Wong的更多文章

社区洞察

其他会员也浏览了

Understanding the XZ Utils Backdoor and Strategies for Future Prevention

Malicious Code Digest October Recap

SSL Certificate Visibility: 6 Things You Need to Know

This guide delves into how reentrancy attacks work, why they occur, and how to prevent them using best practices and tools.

The roadmap towards protecting high value student data: a mini-series.

10 Malicious NPM Packages Exposed by Xygeni

Security Anxiety and the Supply Chain

How to define entry points to solution: Building Threat Models and Attack Trees

This Doesn't Help: "NIST makes no claims as to the security of the tool itself"

A thought about the essence of vulnerability

Caroline Wong的更多文章

You vs. AI: The Resilience Playbook for Cybersecurity

5 Ways to Keep Your Company Safe While We’re More Susceptible to Hackers

Want to avoid a software hack? Watch out for these common mistakes

Vendor Security Questionnaires: The Buyer’s Perspective

How to Survive a Vendor Security Questionnaire

A Different Approach to Diversity in Tech

Pen Test Self-Assessment Questionnaire?—?Get Your Score in 10 Minutes

What makes a good application pen test? Metrics.

"Women in Security"

Let's change the way we AppSec

社区洞察

其他会员也浏览了

Understanding the XZ Utils Backdoor and Strategies for Future Prevention

Malicious Code Digest October Recap

SSL Certificate Visibility: 6 Things You Need to Know

This guide delves into how reentrancy attacks work, why they occur, and how to prevent them using best practices and tools.

The roadmap towards protecting high value student data: a mini-series.

10 Malicious NPM Packages Exposed by Xygeni

Security Anxiety and the Supply Chain

How to define entry points to solution: Building Threat Models and Attack Trees

This Doesn't Help: "NIST makes no claims as to the security of the tool itself"

A thought about the essence of vulnerability