Difference between revisions of "Day 4"
From OWASP
(Created page with "= Key Activities == *Measure and improve assessment service delivery. == Measured Metrics == * Compare against industry metrics and interdepartmental metrics. * Compare behav...")
Gabrielgumbs (talk | contribs)
(2 intermediate revisions by 2 users not shown)
Line 1: | Line 1: | ||
+ | [[Application Security Program Quick Start Guide|< Back to The Application_Security_Program_Quick_Start_Guide]] | ||
+ | |||
+ | |||
= Key Activities == | = Key Activities == | ||
*Measure and improve assessment service delivery. | *Measure and improve assessment service delivery. | ||
+ | <span id="Measured Metrics"></span> | ||
== Measured Metrics == | == Measured Metrics == | ||
* Compare against industry metrics and interdepartmental metrics. | * Compare against industry metrics and interdepartmental metrics. | ||
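Review bot: the heading `= Key Activities ==` two lines below the added back link has unbalanced markup (one `=` on the left, two on the right), so MediaWiki renders it as literal text rather than a heading; both sides of the hunk carry it unchanged, and the fix is `== Key Activities ==`. The added `<span id="Measured Metrics"></span>` uses an id containing a space, which is not a valid HTML id, and it is redundant anyway because the `== Measured Metrics ==` heading already receives the automatic anchor `Measured_Metrics`; drop the span or give it an id without whitespace.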
Line 7: | Line 11: | ||
== Metric Definition == | == Metric Definition == | ||
− | {| class="wikitable" style="color:black; background-color:# | + | {| class="wikitable" style="color:black; background-color:#C1D9DD;" cellpadding="10" |
+ | !Metric | ||
+ | !Definition | ||
+ | |- | ||
|Number of Vulnerabilities | |Number of Vulnerabilities | ||
|The total count of vulnerabilities during the analysis period; valuable as a metric over time. Time Open This value represents the number of partial days since the vulnerability was opened as of the specific evaluation date. It only includes open vulnerabilities and not vulnerabilities that were closed. It is computed as the evaluation date less the open date for the vulnerability. | |The total count of vulnerabilities during the analysis period; valuable as a metric over time. Time Open This value represents the number of partial days since the vulnerability was opened as of the specific evaluation date. It only includes open vulnerabilities and not vulnerabilities that were closed. It is computed as the evaluation date less the open date for the vulnerability. | ||
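Review bot: the `|Number of Vulnerabilities` row runs two metrics together: its definition cell continues with `Time Open This value represents the number of partial days ...`, so the Time Open metric never gets its own name cell and is invisible in the first column. Split it into its own row (`|-`, `|Time Open`, `|This value represents the number of partial days ...`) so every metric matches the two-column header this hunk adds.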
Line 20: | Line 27: | ||
|Likelihood Vulnerability Class Likelihood is the percentage of active applications that have at least one open vulnerability in a given vulnerability class over a given period of time. It is determined by counting the number of applications that have at least one open vulnerability in a given vulnerability class over the number of active applications. | |Likelihood Vulnerability Class Likelihood is the percentage of active applications that have at least one open vulnerability in a given vulnerability class over a given period of time. It is determined by counting the number of applications that have at least one open vulnerability in a given vulnerability class over the number of active applications. | ||
|} | |} | ||
+ | |||
+ | |||
+ | [[Application Security Program Quick Start Guide|< Back to The Application_Security_Program_Quick_Start_Guide]] |
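Review bot: the definition cell that begins `|Likelihood Vulnerability Class Likelihood is the percentage ...` carries the tail of the metric name: the row's name cell (just above this hunk, and visible in the rendered table below as "Vulnerability Class") is missing the word "Likelihood", which has landed at the start of the definition. Move that word into the name cell so it reads `|Vulnerability Class Likelihood` and the definition starts at `|Vulnerability Class Likelihood is the percentage ...`, consistent with the other two-cell rows.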
Latest revision as of 22:44, 5 January 2015
< Back to The Application_Security_Program_Quick_Start_Guide
Key Activities
- Measure and improve assessment service delivery.
Measured Metrics
- Compare against industry metrics and interdepartmental metrics.
- Compare behaviors to measured metrics to identify which initiatives drive improvement of metrics and security program.
Metric Definition
Metric | Definition |
---|---|
Number of Vulnerabilities | The total count of vulnerabilities during the analysis period; valuable as a metric over time. |
Time Open | The number of partial days since the vulnerability was opened, as of the specific evaluation date. It only includes open vulnerabilities, not vulnerabilities that were closed. It is computed as the evaluation date less the open date for the vulnerability. |
Time-to-Fix | The number of partial days required to close a vulnerability. It is based on the vulnerabilities that were closed during the analysis period. |
Remediation Rate | The ratio of the number of vulnerabilities closed over the number of vulnerabilities opened during a given period of time. A vulnerability is considered closed if it closed during the analysis period. A vulnerability is considered open if it was open at some time during the analysis period. Therefore, a vulnerability could be counted as both open and closed. |
Vulnerability Class Likelihood | The percentage of active applications that have at least one open vulnerability in a given vulnerability class over a given period of time. It is determined by dividing the number of applications that have at least one open vulnerability in the given vulnerability class by the number of active applications. |
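As an added worked example (not part of the OWASP page), the four period-based metrics defined above computed in Python over a constructed set of findings. The period boundaries, application names, finding data, and the choice to average Time-to-Fix across closed findings are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample data: one analysis period and a handful of findings.
PERIOD_START, PERIOD_END = date(2015, 1, 1), date(2015, 1, 31)
ACTIVE_APPS = ["portal", "api", "billing"]

@dataclass
class Vuln:
    app: str
    vuln_class: str
    opened: date
    closed: Optional[date] = None  # None means still open

VULNS = [
    Vuln("portal", "XSS", date(2014, 12, 20), date(2015, 1, 5)),    # closed in period
    Vuln("api", "SQLi", date(2015, 1, 10)),                         # still open
    Vuln("portal", "XSS", date(2015, 1, 15), date(2015, 1, 20)),    # opened and closed in period
    Vuln("billing", "XSS", date(2014, 11, 1), date(2014, 12, 15)),  # closed before period
    Vuln("api", "XSS", date(2015, 2, 2)),                           # opened after period
]

def was_open_during(v, start, end):
    # "Open at some time during the analysis period": opened no later than
    # the period end and not closed before the period start.
    return v.opened <= end and (v.closed is None or v.closed >= start)

def closed_during(v, start, end):
    return v.closed is not None and start <= v.closed <= end

def time_open(v, eval_date):
    # Time Open: evaluation date less open date; only for still-open findings.
    return None if v.closed is not None else (eval_date - v.opened).days

def time_to_fix(vulns, start, end):
    # Per-finding Time-to-Fix for findings closed in the period, averaged (assumption).
    days = [(v.closed - v.opened).days for v in vulns if closed_during(v, start, end)]
    return sum(days) / len(days) if days else None

def remediation_rate(vulns, start, end):
    # Closed-in-period over open-at-some-time-in-period; one finding may count in both.
    opened = sum(was_open_during(v, start, end) for v in vulns)
    closed = sum(closed_during(v, start, end) for v in vulns)
    return closed / opened if opened else 0.0

def class_likelihood(vulns, active_apps, vuln_class, start, end):
    # Share of active apps with at least one finding of this class open in the period.
    affected = {v.app for v in vulns
                if v.vuln_class == vuln_class and was_open_during(v, start, end)}
    return len(affected & set(active_apps)) / len(active_apps)
```

Note that the first and third findings are counted as both opened and closed for the Remediation Rate, exactly as the definition permits, while the finding closed before the period and the one opened after it are excluded from every metric.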