OWASP Standard Classification: Automate Security, Don't Tell Your Boss - M. Tesauro

OWASP Foundation

3 years ago

2,011 views


Comments:

@allanwind295 - 17.01.2022 06:46

The number of assessments doesn't seem a particularly interesting metric. Once it's automated you can run it arbitrarily many times, i.e. 1000 runs overnight. Instead you may want to talk about number of issues found, MTTR, did quality of the audit change in exposure etc. Then you set that metric against a relative headcount which is also vague (5.5 out of 100 is not a lot, 5.5 out of 10 is). I like the talk but it's too fluffy and hand-waving.

@logiciananimal - 09.03.2022 23:11

Prerequisite to the ideas: corporate SDLC, EA.
