This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Working Sessions Defining Application Security Metrics
From OWASP
Revision as of 01:56, 15 December 2010 by Sarah Baso (talk | contribs) (Created page with '[http://www.owasp.org/index.php/Summit_2011 ''' Global Summit 2011 Home Page''']<br> [http://www.owasp.org/index.php/Summit_2011_Schedule ''' Global Summit 2011 Schedule''']<br> …')
Global Summit 2011 Home Page
Global Summit 2011 Schedule
Global Summit 2011 Working Sessions
| Working Sessions Operational Rules - Please see here the general frame of rules. |
|---|
| WORKING SESSION IDENTIFICATION | ||||||
|---|---|---|---|---|---|---|
| Work Session Name | Defining Application Security Metrics | |||||
| Short Work Session Description | We all know that you can’t control what you can’t measure and that you need to measure the right things or you won’t be steering towards the right outcome. For this session we will define the right outcome as “low risk to an organization from vulnerabilities in applications.” What are the right things to measure? How can we measure them? How can we use these application security metrics to drive towards low application risk. It would also be great if this could be translated into monetary risk to determine if an organizations investment in applications is not too much or too little. Some of the concepts discussed will be to take a portfolio view of application risk, assigning business risk to applications, counting defects, and measuring SDLC process performance. This is a big unsolved problem so come prepared with ideas and be willing to take part in a discussion. | |||||
| Related Projects (if any) | | |||||
| Email Contacts & Roles | Chair Dinis Cruz Justin Clarke |
Secretary |
Mailing list Subscription Page | |||
| WORKING SESSION SPECIFICS | ||||||
|---|---|---|---|---|---|---|
| Objectives | ||||||
| Venue/Date&Time/Model | Venue OWASP Global Summit Portugal 2011 |
Date&Time |
Discussion Model "Participants + Attendees" | |||
| |
|---|
| WORKING SESSION OPERATIONAL RESOURCES | ||||||
|---|---|---|---|---|---|---|
| Projector, whiteboards, markers, Internet connectivity, power | ||||||
| |
|---|
| WORKING SESSION ADDITIONAL DETAILS | ||||||
|---|---|---|---|---|---|---|
| ||||||
| WORKING SESSION OUTCOMES | ||
|---|---|---|
| Statements, Initiatives or Decisions | Proposed by Working Group | Approved by OWASP Board |
| |
After the Board Meeting - fill in here. | |
| |
After the Board Meeting - fill in here. | |
Working Session Participants
(Add you name by editing this table. On your the right, just above the this frame, you have the option to edit)
| WORKING SESSION PARTICIPANTS | ||||||
|---|---|---|---|---|---|---|
| |
Name | Company | Notes & reason for participating, issues to be discussed/addressed | |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
| |
|
|
| |||
If needed add here more lines.
