SEARCH RESULTS

Software Security Metrics and Commentary on "Metrics Framework" Paper

2007-09-17 20:41:00 by Security Retentive in Security Retentive

...Metrics Framework to Drive Application Security Improvement" recently and some thoughts started to gel about what types of web application security metrics are meaningful. This is going to be part-1 of 2 about the paper and software security metrics. In this first installment I comment on the metrics from the paper and provide what I believe...

Software Security Metrics and Commentary - Part 2

2007-10-23 20:31:00 by Security Retentive in Security Retentive

...metrics from the paper "A Metrics Framework to Drive Application Security Improvement". In part-2 of this piece I'll try to cover the remaining 5 metrics as well as discuss a few thoughts on translating survivability/Quality-of-Protection into upstream SDL metrics. First, onto the other five metrics from the paper. Injection Flaws: Again, I...

Metrics and Audience

2008-04-19 09:52:00 by Security Retentive in Security Retentive

...metrics. I chimed in on Pete's blog as well as on the Microsoft SDL blog; here is a little more. The fundamental confusion here is about the audience for the vulnerability numbers, and metrics in general. There are several audiences here: Microsoft's customers, competitors, and the public at large. Security folks, especially software security...

Oh No! Security Metrics!

2008-04-18 12:43:00 by sdl in The Security Development Lifecycle

...metrics exist, it's useful to have some objective data when trying to discuss this complex subject. Our customers constantly tell us to reduce the number of patches they need to apply to their products once in deployment. It costs them time and money to deploy security updates. The primary metric that matters to customers is the number of...

We Not Only Write, But We Speak, Too (and on Metrics)

2008-06-10 17:04:34 by Alex in RiskAnalys.is

...Metrics: Measurement, Modeling & Meaning. Come see Jack as he does more than just practice his alliteration. How do you justify security spending? How do you gain credibility with other lines of business? How can you get executive management to do more than just the bare minimum of regulatory compliance? Increasingly, CISOs are discovering that...

Great tutorial on Information Security Program Metrics

2008-03-10 13:37:00 by Ryan Shopp in practical risk management

...metrics: Cost of security per transaction; DoS and other attack downtimes; Data flow per transaction & per source; Budget correlation with risk measures; Comparison with like firms; Percentage of critical systems under DR plan; Percentage of systems obeying policy; MTBF & MTTR for security incidents; Number of security team consultations; Latency to...

More on Application Security Metrics

2008-05-08 20:05:00 by Security Retentive in Security Retentive

...metrics might be. I'd been asking the Microsoft guys for a while whether they had any decent metrics to break down the difference between Architectural/Design Defects and Implementation Defects. I hadn't gotten good answers up to this point because measuring those internally during the development process is a constantly moving target. If your...

Why is it important to use security metrics with my clients?

2008-04-09 13:50:41 by Gareth Goh in WhatIs: Enterprise IT tips and expert advice

When looking at security metrics, it's important to understand what is measured, why and for whom. Learn why it is not always easy to quantify ROI for security expenditures.

Because Hackers Don't Care... (Why Metrics Don't Work)

2008-04-29 13:23:00 by Allen Baranov, CISSP in Security Thoughts

...metrics lied. You could say that there was residual risk but it really looks quite small. What is 1% between friends? But that 1% is precisely what any hacker (or virus writer etc.) worth his salt is targeting. So, where to from here? I won't throw the baby out with the bathwater. 99% of PCs with antivirus is certainly safer than 50% or 0%....